Jessica Richard написа:
[...]
> Two questions:
>
> 1. How do I create a user with ONLY select permission but nothing else (not even creating any new tables)?
You could not create a read-only role by just using CREATE ROLE - you
could control the privileges that role has on particular DB objects.
When you create DB objects (schemas, tables, functions etc.) revoke all
privileges from PUBLIC, because every authenticated user is (part of)
PUBLIC. Then give some privileges to those roles that need them - like
"SELECT" for the role in question.
>
> 2. How do I check to see what permissions a particular user currently has?
>
> I know that \z tablename can show who has what permissions on a table, but it does not tell if a user has "create
table"permission or not.
Tables are created in schemas so you need to check if the role has
"CREATE" privilege for the particular schema. Check also the "CREATE"
privilege for that role on the DB.
--
Milen A. Radev