Re: How to prevent users from creating tables

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Milen A. Radev wrote:

> raf ????????????:
> > hi,
> > 
> > in my database, normal users can't select, insert, update or
> > delete anything directly. they can only call functions which
> > are all security defining functions which give access to the
> > data. that's the way i like it.
> > 
> > however, i discovered that normal users can create new
> > tables in the database. is there any way to prevent this?
> > i couldn't find any grant/revoke syntax in the doco that
> > looked relevant.
> [...]
> 
> You need to revoke the "CREATE" privilege for the schema(s) in question
> (http://www.postgresql.org/docs/current/static/sql-grant.html#SQL-GRANT-DESCRIPTION-OBJECTS).
> 
> -- 
> Milen A. Radev

i had revoked all privileges on the database.
i didn't realise this privilege applied to schemas.
so, i'll revoke this privilege from the public schema.

hmm, if i try:

  revoke all privileges on schema public from public;
  revoke all privileges on schema public from staff; -- staff is a role

then i get two warnings:

  WARNING:  no privileges could be revoked for "public"
  WARNING:  no privileges could be revoked for "public"

and a member of the staff role can still create tables.
if i replace "all privileges" with just "create", i
get the same warnings and still no effect.

what did i do wrong?

PostgreSQL 8.3.5 on i386-apple-darwin8.11.1,
compiled by GCC i686-apple-darwin8-gcc-4.0.1
(GCC) 4.0.1 (Apple Computer, Inc. build 5370)


many thanks,
raf


-- 
Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin

[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux