Home > mailing lists

Re: Deny creation of tables for a user - Mailing list pgsql-general

From	Albe Laurenz
Subject	Re: Deny creation of tables for a user
Date	April 23, 2008 14:06:20
Msg-id	D960CB61B694CF459DCFB4B0128514C202043BFA@exadv11.host.magwien.gv.at Whole thread Raw
In response to	Deny creation of tables for a user (Pascal Cohen <pcohen@wimba.com>)
Responses	Re: Deny creation of tables for a user (Pascal Cohen <pcohen@wimba.com>)
List	pgsql-general

Tree view

Pascal Cohen wrote:
> I am playing with security in Postgres
> And I would like to have a database that can be managed by a given user
> that could do almost anything but I would also have a user that can just
> handle what is created.
> I mean she could insert, update delete rows but not create tables.
>
> I did not find a way to revoke such thing. Is it possible ?

The concept of the privilege system is that each database object
determines what you can do with it (with an access control list).

The owner of a database object can do everything with it.

So I'd do it like this:

Owning user (owns schema "myschema"):

CREATE TABLE myschema.mytable (...);
GRANT USAGE ON SCHEMA myschema TO bibi;
GRANT INSERT, UPDATE, DELETE ON myschema.mytable TO bibi;

Now user "bibi" can du exactly what you want.

Yours,
Laurenz Albe

pgsql-general by date:

From: Stephan Szabo
Date: 23 April 2008, 14:00:14
Subject: Re: Updating with a subselect

From: Tom Lane
Date: 23 April 2008, 14:10:08
Subject: Re: Qty of WAL files

Re: Deny creation of tables for a user - Mailing list pgsql-general

Previous

Next