Management has requested to setup a group of users as READ-ONLY, and to revoke their ability to create tables, views, procedures, functions, etc...
I looked around, and did the following, but it's not working as expected.
CREATE ROLE "RO_Role" WITH
NOLOGIN
NOSUPERUSER
INHERIT
NOCREATEDB
NOCREATEROLE
NOREPLICATION;
COMMENT ON ROLE "RO_Role" IS 'Read-Only role.';
GRANT "RO_Role" to <users>;
GRANT SELECT ON TABLE <tablename> TO "RO_Role";
GRANT EXECUTE ON FUNCTION <functions> TO "RO_ROLE";
On one server, this seems to have limited the users ability to write to tables, but on the other server it didn't work, they can still write to tables.
As for the functions, they can still create. Not sure how to prevent this from happening.
Suggestions?
-- Ron Watkins, K7DOG
602.743.5272