Pascal Cohen wrote: > I am playing with security in Postgres > And I would like to have a database that can be managed by a given user > that could do almost anything but I would also have a user that can just > handle what is created. > I mean she could insert, update delete rows but not create tables. > > I did not find a way to revoke such thing. Is it possible ? The concept of the privilege system is that each database object determines what you can do with it (with an access control list). The owner of a database object can do everything with it. So I'd do it like this: Owning user (owns schema "myschema"): CREATE TABLE myschema.mytable (...); GRANT USAGE ON SCHEMA myschema TO bibi; GRANT INSERT, UPDATE, DELETE ON myschema.mytable TO bibi; Now user "bibi" can du exactly what you want. Yours, Laurenz Albe
