In our system we have a hybrid security system. We have tables that I want to make sure that based on membership in a group that update and/or delete is not allowed to a specific group. We also have application level security which is much more granular and is much more job function based. Our application is a transportation application, so a user might have insert, update and delete in order entry but a dispatcher would not have the ability to delete a order, they must cancel it with a reason code. These would both be part of the same ROLE in the database. Trying to maintain the database to match the application security would become cumbersome for our customers. Now for the question, if I specifically revoke a update or delete on a per table basis for a role to I still have to specifically define what security attributes they have access on? If this doesn't work, would I give access to the schema and then just specifically revoke the update or delete functionality for just the tables I'm looking to protect. Best Regards Mike Gould -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general