Miles Elam <miles.elam@productops.com> writes:
> Is there any way to prevent a user from dropping a table when that user has
> create rights? I'd like to allow that user to be able to create and delete
> their own tables but not specific shared tables.
I think maybe you didn't read the manual closely. Creation privileges
cover the right to create an object (in a given database or
schema), but only the creator/owner has the right to drop a particular
object once it exists.
We do grant the owner of a schema or database the right to drop objects
within it, since they could surely achieve that result by dropping the
whole schema or database. But merely having create privilege doesn't
extend to that.
So basically you want a shared schema that is owned by some trusted
role, and your less-trusted roles have create (and usage!) on that
schema.
regards, tom lane