I used to work with Oracle, where is obvious to me how to do the thing, but I don't know how to achieve the same functionality in PostgreSQL.
1) Lets say thay USER1 is the OWNER of TEST_TABLE created in schema USER1. I want that USER2 will be able to ALTER user1.test_table(only this privilege, nothing more).
CREATE user1;
CREATE TABLE test_table(a INT);
CREATE user2;
In Oracle is enough to exeucte as USER1:
GRANT ALTER ON test_table TO user2;
And what about PostgreSQL?
Solution from here doesn't work, because common role will be able to do much more than only ALTER: ALTER postgres table owned by user from the same group
2) How to GRANT TO USER1 privilege to CREATE only specific object in his schema? For example:
As SYS in Oracle:
GRANT CREATE TABLE TO USER1;
Now in Oracle USER1 can only create tables in his schema, not SEQUENCES, VIEWS, etc.
What about Postgres?
GRANT CREATE ON SCHEMA USER1 TO USER1;
is much more powerfull and I don't need it.
The following is how you can accomplish the feature you mentioned in PostgreSQL:
Assigning Alternate Authority: You must take two steps in order to give USER2 the ability to modify only a single table that USER1 owns. First, give USER2 access to the table's schema by granting them the
USAGEprivilege, which enables them to view objects in that schema. Second, give USER2 theALTERprivilege on that particular table.With this configuration, USER2 is guaranteed the ability to modify the
test_tablebut not further privileges within the schema.Allowing USER1 to Create Tables Only: Make a different schema for USER1 and make it their default schema in order to allow them to create tables only—not other object kinds, such as sequences or views. Next, provide USER1 access to that schema with the
CREATEprivilege.USER1 is able to construct tables in their schema with this configuration, but they are unable to build additional object kinds such as views or sequences.