Albe Laurenz wrote:
Pascal Cohen wrote:
I am playing with security in Postgres
And I would like to have a database that can be managed by a given user
that could do almost anything but I would also have a user that can just
handle what is created.
I mean she could insert, update delete rows but not create tables.
I did not find a way to revoke such thing. Is it possible ?
The concept of the privilege system is that each database object
determines what you can do with it (with an access control list).
The owner of a database object can do everything with it.
So I'd do it like this:
Owning user (owns schema "myschema"):
CREATE TABLE myschema.mytable (...);
GRANT USAGE ON SCHEMA myschema TO bibi;
GRANT INSERT, UPDATE, DELETE ON myschema.mytable TO bibi;
Now user "bibi" can du exactly what you want.
Yours,
Laurenz Albe
Thanks all for your help.
Your examples + re-reading the documentation made things clear to my mind.
Thanks again!
