Re: REVOKE CREATE does not work on default tablespace

[Zdenek Kotala <Zdenek(dot)Kotala(at)Sun(dot)COM>]

Tom Lane wrote:
> Zdenek Kotala <Zdenek(dot)Kotala(at)Sun(dot)COM> writes:
> > Tom Lane wrote:
> > > Zdenek Kotala <Zdenek(dot)Kotala(at)Sun(dot)COM> writes:
> > > > It seems that we not able to revoke create privilege on default tablespace.
> > > This is intentional.
>
> > I don't understand why.
>
> It's presumed that the right to create tables within a database entails
> the right to create them someplace; hence no permissions check is made
> on the database's default tablespace.  Without that, not only does plain
> CREATE TABLE fail (including CREATE TEMP TABLE), but any query complex
> enough to require a temporary file would fail as well.  So you'd pretty
> much have to grant rights on the tablespace to every user of the database
> anyway.

If only temporary objects are problem I think better solution is to create 
pg_temp tablespace which will be used as default for temporary data (if 
temp_tablespaces is not set) and this table space will have create rights for 
everyone. It should be stored in separate directory (e.g. data/pg_temp).

Maybe add temp flag to tablespace should make sense - It will mean that only 
temporary object can be created in this tablespace.


		Zdenek