Hi,
In using 8.3. I'm trying to set up programmatic database creation but
is there a way that the user creating the databases can be restricting
from dropping them?
I have two roles, 'adminuser' with createdb permission, and 'dbuser' a
user with CRUD privileges.
adminuser is a member of the dbuser role, this seems to allow
adminuser to createdb databases for dbuser with:
createdb -U adminuser -O dbuser new_database_name
Adding .pgpass to the linux user's home directory allows createdb to
work without additional user input.
But now it seems the linux user also has dropdb privileges. How can i
restrict this?
Perhaps there is a recommended method to disable dropdb? Can anyone
suggest?
The adminuser has no login privileges so by removing dropdb this
should remove the possibility for any hacker chaos other than creating
more databases?
Thanks in advance for any advice,
Ben