Re: Limiting user privileges

On Tue, Jan 11, 2005 at 15:49:32 -0600,
  Tad Marko <tmarko@metrosplash.com> wrote:
>
> In MySQL (the only DB I'm very familiar with), I can create a database,
> import tables, create a user, and then
>
> GRANT ALL ON dbname.* TO whateveruser
>
> and then whateveruser is essentially the super user on that database. I
> think that I understand that in PostgreSQL, I need to make whateveruser
> the owner of the database, then I won't have to go through the GRANT
> step for him.

Making someone the owner of a database isn't going to give that person
access to all other objects in the database. When other users create
objects the database owner won't in general have access to them.

> But, what do I need to do if I need to say easily create users that have
> INSERT and SELECT privileges on all (of a large number of) tables in a
> given database?

You need to write a script or function that gives them appropiate access
to all existing objects. Another possible solution is to have a policy
of giving a specific group access to all objects that are created in the
database. Then you can give new users access to these objects by just
adding them to the group.