On Fri, 2020-03-06 at 11:04 +0000, Schmid Andreas wrote: > I'd like to setup my database in a way that only a superuser may create > schemas, > then grants permission to a specific user to create tables inside this schema. > This should work so far with GRANT CREATE ON SCHEMA ... TO user_a. > However I want the table owner not to be the user that creates the tables. > Instead the owner should rather be a generic role (e.g. table_owner), and the > owner should be the same over all tables of the whole database. This would > work, > too, if I grant membership in role table_owner to all users that may create > tables. > (The users must issue a SET ROLE table_owner before creating tables.)
Yes, that will work, but you have to SET ROLE before creating the table. > What I didn't achieve so far is making sure that user_a who created tables in > schema_a > cannot crete/modify tables of schema_b that were created by user_b. Do you > see any way > to achieve this, while still sticking to that generic owner role? No, that is impossible. But I don't understand the motivation: If you want that, why would you want a "table_owner" role? If you don't want user B to be able to drop user A's table, why don't you have each user be the owner of his tables? Yours, Laurenz Albe
