>>> On Fri, Jun 13, 2008 at 11:06 AM, in message <3a0028490806130906i553f9588g810b2d19d95a91a1@xxxxxxxxxxxxxx>, "Rafael Domiciano" <rafael.domiciano@xxxxxxxxx> wrote: > So, there is no manner to define that the user can't do create or drop > objects, but can create temp tables? What we normally do is something like this. create user dbowner password 'ownerpasswd'; create user db password 'normalpasswd'; create user dbviewer password 'viewerpasswd'; create database db with owner dbowner; \c db revoke create on database db from public; revoke create on schema public from public; grant create on schema public to dbowner; set role dbowner; <create objects> Then we limit access to the given database to the appropriate users in the pg_hba.conf file. The owner grants the desired rights to each user. I hope this helps. -Kevin