I am using PostgreSQL 9.4, I want to make a user with permanent read only access on public schema.
I have tried many different ways to get this but using
REVOKE ALL on schema public to user1;
GRANT SELECT on all tables in schema PUBLIC to user1;
doesn't make any sense for me, user user1
is not able to change any table but is still able to create new tables in public schema.
Best Answer
You're misunderstanding how
REVOKE
works.You can't
REVOKE
a right that was neverGRANT
ed. It doesn't create a deny ACL (a negative right), it removes a granted right if it exist. You didn'tGRANT
rights touser1
on the schema; instead that user inherited them from thepublic
role everyone's a member of. So you can't revoke it.You want to revoke the right given to
public
, then grant it to roles who should have read/write. quick and dirty example: