Sean Chittenden writes:
> At the very least, it's an easier way of guaranteeing a READ ONLY
> database. Securing a database with GRANT/REVOKE can be tedious and
> error prone.
A database is already secure from a new user by default: He cannot read or
write or create anything except temporary tables and possibly the public
schema. Setting him "read only" isn't going to change anything, because
he still can't actually read anything. Before he can do that, the
administrator needs to grant him SELECT privileges. And after that,
there is still no difference between "read only" and "read write", because
the user still can't write anything.
--
Peter Eisentraut peter_e@gmx.net