Milen A. Radev написа:
Jessica Richard написа:
I created a user and granted only "select" to this user so that this
user can only select the tables on a production system. But by
default, this user can also CREATE TABLE successfully....
How can I revoke this "create table" privilege (and possible others)
and limit this user to only the permissions granted by me?
Revoke the "create" privilege on the "public" schema (or any other
schema you've created) from 'public' (that's special "role"). Also
revoke the "create" privilege on the database(s) in question from the
same special role 'public' to prevent creation of new schemas.
More here - http://www.postgresql.org/docs/current/static/sql-grant.html.
Almost forgot - there is another way if the role in question would be
read-only:
ALTER USER username SET default_transaction_read_only to true;
(http://archives.postgresql.org/pgsql-admin/2007-10/msg00101.php)
--
Milen A. Radev
---------------------------(end of broadcast)---------------------------
TIP 7: You can help support the PostgreSQL project by donating at
http://www.postgresql.org/about/donate