Makes sense. Thanks!

On Wed, Sep 11, 2019 at 1:43 PM Tom Lane <t...@sss.pgh.pa.us> wrote:

> Miles Elam <miles.e...@productops.com> writes:
> > Is there any way to prevent a user from dropping a table when that user
> has
> > create rights? I'd like to allow that user to be able to create and
> delete
> > their own tables but not specific shared tables.
>
> I think maybe you didn't read the manual closely.  Creation privileges
> cover the right to create an object (in a given database or
> schema), but only the creator/owner has the right to drop a particular
> object once it exists.
>
> We do grant the owner of a schema or database the right to drop objects
> within it, since they could surely achieve that result by dropping the
> whole schema or database.  But merely having create privilege doesn't
> extend to that.
>
> So basically you want a shared schema that is owned by some trusted
> role, and your less-trusted roles have create (and usage!) on that
> schema.
>
>                         regards, tom lane
>

Reply via email to