This recipe answers the question, "How do I make sure that user X cannot access table Y?"
The current user must either be a superuser, the owner of the table, or a user with a GRANT
option for the table.
Also, you can't revoke rights from a user who is a superuser.
To revoke all rights on the table1
table from the user2
user, you must run the following SQL command:
REVOKE ALL ON table1 FROM user2;
However, if user2
had been granted another role that gives them some rights on table1
, say role3
, this command is not enough; you must also choose one of the following options:
"Fix" the user; that is, revoke
role3
fromuser2
"Fix" the role; that is, revoke privileges on
table1
fromrole3
Both choices are imperfect, because of their side effects: the former will revoke all the privileges associated to role3
, not only the privileges concerning table1
; the latter will revoke the privileges on table1
from all the other users that have been granted...