On Fri, 2020-03-06 at 11:04 +0000, Schmid Andreas wrote:
> I'd like to setup my database in a way that only a superuser may create schemas,
> then grants permission to a specific user to create tables inside this schema.
> This should work so far with GRANT CREATE ON SCHEMA ... TO user_a.
> However I want the table owner not to be the user that creates the tables.
> Instead the owner should rather be a generic role (e.g. table_owner), and the
> owner should be the same over all tables of the whole database. This would work,
> too, if I grant membership in role table_owner to all users that may create tables.
> (The users must issue a SET ROLE table_owner before creating tables.)
Yes, that will work, but you have to SET ROLE before creating the table.
> What I didn't achieve so far is making sure that user_a who created tables in schema_a
> cannot crete/modify tables of schema_b that were created by user_b. Do you see any way
> to achieve this, while still sticking to that generic owner role?
No, that is impossible.
But I don't understand the motivation: If you want that, why would you
want a "table_owner" role?
If you don't want user B to be able to drop user A's table, why don't
you have each user be the owner of his tables?
Yours,
Laurenz Albe