Michael Fuhr wrote: > On Wed, Jul 05, 2006 at 02:27:19PM -0700, Karen Hill wrote: > > I would like for one role to be able to login, and execute a couple of > > functions and nothing else. I've tried to revoke access to CREATE on > > the database, schema, and tablespace but when I tested it, the user was > > still allowed to create tables. > > From the REVOKE documentation: > > Note that any particular role will have the sum of privileges > granted directly to it, privileges granted to any role it is > presently a member of, and privileges granted to PUBLIC. > > If PUBLIC still has privileges on the objects then the role still > has privileges, even if you've attempted to revoke them. You'll > probably need to alter the privileges that PUBLIC has, which might > also require altering other roles' privileges to compensate. > Hi, Revoking PUBLIC worked. I can now login to the database and it will not allow me to create new tables. However when I gave (as postgres) the restricted user permission to execute one function it says it cannot find the function when I try to execute it. regards,
