AW: NOCREATETABLE patch (was: Re: Please, help!(about P ostgres))

That makes perfect sense to me. I was only going by what System
Privileges are granted to the Oracle roles of the same name. Oracle
has:

CONNECT -
ALTER SESSION
CREATE CLUSTER
CREATE DATABASE LINK
CREATE SEQUENCE
CREATE SESSION
CREATE SYNONYM
CREATE TABLE
CREATE VIEW

RESOURCE -
CREATE CLUSTER
CREATE PROCEDURE
CREATE SEQUENCE
CREATE TABLE
CREATE TRIGGER

DBA -
All systems privileges WITH ADMIN OPTION

But I agree with you. When I was first learning Oracle, I thought it
strange that the CONNECT role had anything more than CREATE/ALTER
SESSION privilege.

Mike Mascari
mascarm@mascari.com

-----Original Message-----
From: Zeugswetter Andreas SB [SMTP:ZeugswetterA@wien.spardat.at]
Sent: Wednesday, May 09, 2001 3:20 AM
To: 'Bruce Momjian'; mascarm@mascari.com
Cc: Karel Zak; pgsql-hackers
Subject: AW: [HACKERS] NOCREATETABLE patch (was: Re: Please,
help!(about P ostgres))

The connect group would be granted these System Privileges:

If we keep it like others (e.g. Informix) this System Privilege would
be called
"resource". I like this name better, because it more describes the
detailed
priviledges.

CREATE AGGREGATE privilege
CREATE INDEX privilege
CREATE FUNCTION privilege
CREATE OPERATOR privilege
CREATE RULE privilege
CREATE SESSION privilege
CREATE SYNONYM privilege
CREATE TABLE privilege
CREATE TRIGGER privilege
CREATE TYPE privilege
CREATE VIEW privilege

The "connect" group would only have the priviledge to connect to the
db [and
create temp tables ?] and rights they where granted, or that were
granted to public.
They would not be allowed to create anything.

Andreas