Michael Fuhr wrote:
> On Wed, Jul 05, 2006 at 02:27:19PM -0700, Karen Hill wrote:
> > I would like for one role to be able to login, and execute a couple of
> > functions and nothing else. I've tried to revoke access to CREATE on
> > the database, schema, and tablespace but when I tested it, the user was
> > still allowed to create tables.
>
> From the REVOKE documentation:
>
> Note that any particular role will have the sum of privileges
> granted directly to it, privileges granted to any role it is
> presently a member of, and privileges granted to PUBLIC.
>
> If PUBLIC still has privileges on the objects then the role still
> has privileges, even if you've attempted to revoke them. You'll
> probably need to alter the privileges that PUBLIC has, which might
> also require altering other roles' privileges to compensate.
>
Hi,
Revoking PUBLIC worked. I can now login to the database and it will
not allow me to create new tables. However when I gave (as postgres)
the restricted user permission to execute one function it says it
cannot find the function when I try to execute it.
regards,