Re: PG Role : With Crud Operations without Drop DB user - Mailing list pgsql-admin

From David G. Johnston
Subject Re: PG Role : With Crud Operations without Drop DB user
Date
Msg-id CAKFQuwYJcdn-2viKwA6ZuwsJecWTbh1b70hcVWkOoxzy67JPLA@mail.gmail.com
Whole thread Raw
In response to PG Role : With Crud Operations without Drop DB user  (venkatesh R <venkatesh.ramanujam007@gmail.com>)
List pgsql-admin
On Tue, Feb 27, 2024 at 8:30 PM venkatesh R <venkatesh.ramanujam007@gmail.com> wrote

REVOKE CREATE, DROP ON ALL TABLES IN SCHEMA public FROM developer;
REVOKE CREATE, DROP ON ALL SCHEMAS IN DATABASE your_database_name FROM developer;

What exactly are you using here? There is no DROP permission and CREATE doesn't apply to tables.
 

The commands we used are still able to drop the database. Which it shouldn't do.

I don't see either a create database nor a drop database command in that so it is hard to say where you are going wrong.  I suggest you write a self-contained psql script demonstrating explicitly the problematic behavior.  A randomly created role that is neither a superuser nor the database owner will be unable to drop a database.

Is this possible in Postgres, we have tried all the commands.


Apparently including some that don't even exist...

Write a script, we don't care about permutations, choose your best guess, that doesn't have non-permission related errors i.e., no syntax problems or command not found.  Then ask why that script does or doesn't behave in some way surprising to you.

David J.

pgsql-admin by date:

Previous
From: venkatesh R
Date:
Subject: PG Role : With Crud Operations without Drop DB user
Next
From: Rajesh Kumar
Date:
Subject: Mean_exec_time