Participants
Karen Hill
Karen Hill
Michael Fuhr
Michael Fuhr
John Purser
John Purser
Attachments
Show all attachments
Thread Outline
#1Karen HillKaren Hill
Jul 05, 2006
#2Michael FuhrMichael Fuhrto Karen Hill (#1)
Jul 05, 2006
#3Karen HillKaren Hillto Michael Fuhr (#2)
Jul 06, 2006
#4John PurserJohn Purserto Karen Hill (#3)
Jul 06, 2006
#5Michael FuhrMichael Fuhrto John Purser (#4)
Jul 07, 2006

How do I revoke CREATE TABLE and other privileges?

Started by Karen Hillalmost 20 years ago5 messagesgeneral
Jump to latest
#1Karen Hill
Karen Hill
karen_hill22@yahoo.com

I would like for one role to be able to login, and execute a couple of
functions and nothing else. I've tried to revoke access to CREATE on
the database, schema, and tablespace but when I tested it, the user was
still allowed to create tables.

regards,

#2Michael Fuhr
Michael Fuhr
mike@fuhr.org
In reply to: Karen Hill (#1)
Re: How do I revoke CREATE TABLE and other privileges?

On Wed, Jul 05, 2006 at 02:27:19PM -0700, Karen Hill wrote:

I would like for one role to be able to login, and execute a couple of
functions and nothing else. I've tried to revoke access to CREATE on
the database, schema, and tablespace but when I tested it, the user was
still allowed to create tables.

From the REVOKE documentation:

Note that any particular role will have the sum of privileges
granted directly to it, privileges granted to any role it is
presently a member of, and privileges granted to PUBLIC.

If PUBLIC still has privileges on the objects then the role still
has privileges, even if you've attempted to revoke them. You'll
probably need to alter the privileges that PUBLIC has, which might
also require altering other roles' privileges to compensate.

--
Michael Fuhr

#3Karen Hill
Karen Hill
karen_hill22@yahoo.com
In reply to: Michael Fuhr (#2)
Re: How do I revoke CREATE TABLE and other privileges?

Michael Fuhr wrote:

On Wed, Jul 05, 2006 at 02:27:19PM -0700, Karen Hill wrote:

I would like for one role to be able to login, and execute a couple of
functions and nothing else. I've tried to revoke access to CREATE on
the database, schema, and tablespace but when I tested it, the user was
still allowed to create tables.

From the REVOKE documentation:

Note that any particular role will have the sum of privileges
granted directly to it, privileges granted to any role it is
presently a member of, and privileges granted to PUBLIC.

If PUBLIC still has privileges on the objects then the role still
has privileges, even if you've attempted to revoke them. You'll
probably need to alter the privileges that PUBLIC has, which might
also require altering other roles' privileges to compensate.

Hi,

Revoking PUBLIC worked. I can now login to the database and it will
not allow me to create new tables. However when I gave (as postgres)
the restricted user permission to execute one function it says it
cannot find the function when I try to execute it.

regards,

#4John Purser
John Purser
jmpurser@gmail.com
In reply to: Karen Hill (#3)
Re: How do I revoke CREATE TABLE and other privileges?

On 6 Jul 2006 09:46:48 -0700
"Karen Hill" <karen_hill22@yahoo.com> wrote:

Michael Fuhr wrote:

On Wed, Jul 05, 2006 at 02:27:19PM -0700, Karen Hill wrote:

I would like for one role to be able to login, and execute a
couple of functions and nothing else. I've tried to revoke
access to CREATE on the database, schema, and tablespace but when
I tested it, the user was still allowed to create tables.

From the REVOKE documentation:

Note that any particular role will have the sum of privileges
granted directly to it, privileges granted to any role it is
presently a member of, and privileges granted to PUBLIC.

If PUBLIC still has privileges on the objects then the role still
has privileges, even if you've attempted to revoke them. You'll
probably need to alter the privileges that PUBLIC has, which might
also require altering other roles' privileges to compensate.

Hi,

Revoking PUBLIC worked. I can now login to the database and it will
not allow me to create new tables. However when I gave (as postgres)
the restricted user permission to execute one function it says it
cannot find the function when I try to execute it.

regards,

---------------------------(end of
broadcast)--------------------------- TIP 3: Have you checked our
extensive FAQ?

http://www.postgresql.org/docs/faq

Karen,

You hopefully just need to edit your search path. See page 56 of the
manual for details. Type 'show search_path;' into pgsql and see what
the value is currently set to. Then use set to make it include the
schema with your function.

John Purser

--
I must have a prodigious quantity of mind; it takes me as much as a
week sometimes to make it up.
-- Mark Twain, "The Innocents Abroad"

#5Michael Fuhr
Michael Fuhr
mike@fuhr.org
In reply to: John Purser (#4)
Re: How do I revoke CREATE TABLE and other privileges?

On Thu, Jul 06, 2006 at 09:55:40AM -0700, John Purser wrote:

"Karen Hill" <karen_hill22@yahoo.com> wrote:

Revoking PUBLIC worked. I can now login to the database and it will
not allow me to create new tables. However when I gave (as postgres)
the restricted user permission to execute one function it says it
cannot find the function when I try to execute it.

You hopefully just need to edit your search path. See page 56 of the
manual for details. Type 'show search_path;' into pgsql and see what
the value is currently set to. Then use set to make it include the
schema with your function.

The user probably needs USAGE on the schema. If a user has no
privileges on a schema then he or she can't access objects in that
schema regardless of search_path or the privileges on the objects
themselves.

--
Michael Fuhr

← Back to Topics