On Wed, Jul 05, 2006 at 02:27:19PM -0700, Karen Hill wrote:
> I would like for one role to be able to login, and execute a couple of
> functions and nothing else. I've tried to revoke access to CREATE on
> the database, schema, and tablespace but when I tested it, the user was
> still allowed to create tables.
>From the REVOKE documentation:
Note that any particular role will have the sum of privileges
granted directly to it, privileges granted to any role it is
presently a member of, and privileges granted to PUBLIC.
If PUBLIC still has privileges on the objects then the role still
has privileges, even if you've attempted to revoke them. You'll
probably need to alter the privileges that PUBLIC has, which might
also require altering other roles' privileges to compensate.
--
Michael Fuhr
---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?
http://www.postgresql.org/docs/faq
