On Thu, Nov 16, 2000 at 10:02:23AM +1100, some SMTP stream spewed forth:
> In Postgres 7.0.2 (not sure about previous versions, I'm sure someone else
> knows), you can have multiple users (obviously with different username and
> passwords), and you have to "grant access" to a user for anything (reading,
> writing, creation etc), and it *is* database specific (AFAIK).
>
> http://www.postgresql.org/docs/aw_pgsql_book/node214.html
> This page might give you a better idea of how it works :)
>
Thank you for your speedy (and helpful) reply.
I think I missed something somewhere.
Here is how things are set up now (on our system):
pg_hba.conf:
host all 0.0.0.0 0.0.0.0 password
local all password
psql -U superuser template1
->create user someuser with password 'userpass';
->create database somedb;
->\q
psql -U someuser somedb;
->create table sometable (blah char(15));
->insert into sometable values ('blahtest');
->drop table sometable;
All other table access not explicitly grant-ed is denied.
(Note the lack of any grant-ing any rights to 'someuser'.)
The user 'someuser' is able to create tables under any database and is
able to connect to any database (connecting is not so bad, as that does
not allow reads or writes to existing tables).
I saw nothing in any of the online manuals regarding 'GRANT ALL'
supplying table creation rights..
Is table creation limited only if the user is in a group? (That seems
rather odd.)
Thank you for the link. (I have d/l-ed the book prior to this issue
though. ;-))
Keep in mind, all privileges other than table creation are working as
expected.
I thank you again.
gh
> Regards,
>
>
> >How are Postgres administrators (e.g. ISPs) securing table creation?
> >
> >As I see it, any user may create tables under any database (except
> >Postgres system catalogs) whether they are meant to be allowed to or
> >are not. Is this accurate? I do not see any way to define permissions
> >for a database regarding creating tables under that database.
> >