Pascal Cohen wrote:
> I am playing with security in Postgres
> And I would like to have a database that can be managed by a given user
> that could do almost anything but I would also have a user that can just
> handle what is created.
> I mean she could insert, update delete rows but not create tables.
>
> I did not find a way to revoke such thing. Is it possible ?
The concept of the privilege system is that each database object
determines what you can do with it (with an access control list).
The owner of a database object can do everything with it.
So I'd do it like this:
Owning user (owns schema "myschema"):
CREATE TABLE myschema.mytable (...);
GRANT USAGE ON SCHEMA myschema TO bibi;
GRANT INSERT, UPDATE, DELETE ON myschema.mytable TO bibi;
Now user "bibi" can du exactly what you want.
Yours,
Laurenz Albe