I want to create a role named manager in postgresql . This role can update, select, delete and insert data in all tables but users that belong to this role cannot create a table nor modify the schema.
I tried the following sql statement:
CREATE ROLE manager
NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION;
How can I achieve this condition?.
Best Answer
The privilege to create tables is granted to new roles automatically. You need to
REVOKE
the role'sCREATE
privilege on theschema
(not thedatabase
):Per documentation on
GRANT
:And
REVOKE
all direct privileges any role might have in respective schemas. By default, plain roles only have privileges for the schemapublic
and schemas they create themselves.