On 03/28/2012 09:54 AM, leaf_yxj wrote:
For oracle, the normal user can't see all the system catalog. but for
postgresql, it looks like all the user can see the system catalog.  Should
we limit the user read privilege to system catalog?

In oracle, the system privilege has create table, create view,create
function.  For postgresql database, how to control the user who only can
create table but can't create view. Based on the test I did, once the user
has the create privilege on the schema, the user will have any create
privilege on that schema. In postgresql, Rule is used to control that ???
very confused!

Path to unconfusion:):

You can grant CREATE on a schema and then restrict CREATE within the schema for different objects types. In recent versions you are looking for ALL * IN SCHEMA schema_name where * is the object type.




Adrian Klaver

