Your problem is probably the "INHERIT" and GRANT dbA TO bob; GRANT dbA_ro TO bob; GRANT dbB TO bob; GRANT dbB_ro TO bob;
options. If any of the dbA's have the permission to CREATE tables (and I suspect they do), so will bob. On Tue, Jun 2, 2015 at 1:50 PM, Steve Pribyl <steve.pri...@akunacapital.com> wrote: > Josh, > > Via psql: > CREATE ROLE bob LOGIN > NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION; > GRANT dbA TO bob; > GRANT dbA_ro TO bob; > GRANT dbB TO bob; > GRANT dbB_ro TO bob; > > dbA, dbA_ro, dbB, and dbB_ro are roles. > > I have not created any database yet or assigned permissions to the roles. > > Steve Pribyl > > > > ________________________________________ > From: pgsql-general-ow...@postgresql.org < > pgsql-general-ow...@postgresql.org> on behalf of Joshua D. Drake < > j...@commandprompt.com> > Sent: Tuesday, June 2, 2015 12:44 PM > To: pgsql-general@postgresql.org > Subject: Re: [GENERAL] postgres db permissions > > On 06/02/2015 10:36 AM, Steve Pribyl wrote: > > > > Good Afternoon, > > > > Built a fresh 9.3. postgres server and added some users and noticed that > any user can create tables in any database including the postgres database > by default. > > > > Have I missed some step in securing the default install? > > How exactly did you add the users? > > JD > > > > -- > Command Prompt, Inc. - http://www.commandprompt.com/ 503-667-4564 > PostgreSQL Centered full stack support, consulting and development. > Announcing "I'm offended" is basically telling the world you can't > control your own emotions, so everyone else should do it for you. > > > -- > Sent via pgsql-general mailing list (pgsql-general@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-general > ________________________________ > [http://www.akunacapital.com/images/akuna.png] > Steve Pribyl | Senior Systems Engineer > Akuna Capital LLC > 36 S Wabash, Suite 310 Chicago IL 60603 USA | www.akunacapital.com < > http://www.akunacapital.com> > p: +1 312 994 4646 | m: 847-343-2349 | f: +1 312 750 1667 | > steve.pri...@akunacapital.com > > Please consider the environment, before printing this email. > > This electronic message contains information from Akuna Capital LLC that > may be confidential, legally privileged or otherwise protected from > disclosure. This information is intended for the use of the addressee only > and is not offered as investment advice to be relied upon for personal or > professional use. Additionally, all electronic messages are recorded and > stored in compliance pursuant to applicable SEC rules. If you are not the > intended recipient, you are hereby notified that any disclosure, copying, > distribution, printing or any other use of, or any action in reliance on, > the contents of this electronic message is strictly prohibited. If you have > received this communication in error, please notify us by telephone at > (312)994-4640 and destroy the original message. > > > -- > Sent via pgsql-general mailing list (pgsql-general@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-general > -- *Melvin Davidson* I reserve the right to fantasize. Whether or not you wish to share my fantasy is entirely up to you.
