Zdenek Kotala <Zdenek.Kotala@Sun.COM> writes:
> Tom Lane wrote:
>> Zdenek Kotala <Zdenek.Kotala@Sun.COM> writes:
>>> It seems that we not able to revoke create privilege on default tablespace.
>>
>> This is intentional.
> I don't understand why.
It's presumed that the right to create tables within a database entails
the right to create them someplace; hence no permissions check is made
on the database's default tablespace. Without that, not only does plain
CREATE TABLE fail (including CREATE TEMP TABLE), but any query complex
enough to require a temporary file would fail as well. So you'd pretty
much have to grant rights on the tablespace to every user of the database
anyway.
By not making that check, we make it feasible to only grant rights on
tablespaces to DB owners/creators, plus any individual users who should
have the right to determine where their tables go.
There is a permission check when a tablespace is first named as the
default space for a new database, but not afterwards.
regards, tom lane