> On 04/05/2023 01:07 CEST M Sarwar <sarwarmd02@outlook.com> wrote:
>
> I want user u2 to have only CREATE VIEW privilege in schema s2. I do not want
> u2 to create any other type of objects in s2 schema.
You can setup a second database db2 just for u2 and have them access your
database db1 via foreign tables. u2 still only has the SELECT privilege in db1
but can create objects in db2 and mess it up as they see fit.
If you go with a single database and event triggers as Tom wrote you must also
consider function security[0]. Otherwise u2 can override relations in s1 just
by creating compatible views in s2 and set search_path=s2,s1. u2 can thus
inject data into functions that have no explicit search_path.
[0]
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.postgresql.org%2Fdocs%2Fcurrent%2Fperm-functions.html&data=05%7C01%7C%7Cd1e2268f4b4145d9459908db4c7f2f1e%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638187881350467541%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=QjKvSInpN%2BFoIvbgJPyqdM3qA0dHtnUgzcSbzmPRq1k%3D&reserved=0 --
Erik