Re: Define permissions at database level

On 18/02/10 08:53, dipti shah wrote:
> Hi,
>
> Is it possible to define the permissions at database level such that no
> users(except postgres) can execute DROP, ALTER, TRUNCATE commands directily?
> Users have to use the given stored procedures.

1. Place users into appropriate groups (makes it easier to manage
later). Note that groups and users are actually both just roles.

2. Use GRANT/REVOKE to restrict what those users can do.

3. Write your "alter table" function owned by user "postgres" and make
sure it's marked "SECURITY DEFINER".

http://www.postgresql.org/docs/8.4/static/user-manag.html
http://www.postgresql.org/docs/8.4/static/sql-createfunction.html

--
   Richard Huxton
   Archonet Ltd