"Roberts, Jon" <Jon.Roberts@xxxxxxxxxxx> writes: > You probably want to also "REVOKE ALL ON SCHEMA public FROM public;" so > users can't create objects in that schema. More like REVOKE CREATE ..., unless your intent is also to deny access to existing stuff in the public schema. You'd also want to make sure the user doesn't have CREATE privilege on the database, lest he create his own schema and then make tables within that. (This is off by default, though.) Lastly, if you don't want him creating even temp tables, you'd need to revoke TEMP privilege on the database from public. Having revoked all these privileges from public, you'd need to grant 'em back to whichever individual users should have them. regards, tom lane
