I have large database and with this DB work more users and I very need

more restriction for fretful users. The current PG allow define only
NO-CREATE-DB and NO-CREATE-USER restriction, but for some users I need
NO-CREATE-TABLE and NO-LOCK-TABLE.

This patch add to current code NOCREATETABLE and NOLOCKTABLE feature:

CREATE USER username
    [ WITH
     [ SYSID uid ]
     [ PASSWORD 'password' ] ]
    [ CREATEDB   | NOCREATEDB ] [ CREATEUSER | NOCREATEUSER ]
->  [ CREATETABLE | NOCREATETABLE ] [ LOCKTABLE | NOLOCKTABLE ]
    ...etc.

 If CREATETABLE or LOCKTABLE is not specific in CREATE USER command,
as default is set CREATETABLE or LOCKTABLE (true).

 A user with NOCREATETABLE restriction can't call CREATE TABLE or
SELECT INTO commands, only create temp table is allow for him.

                                                Karel

src/backend/commands/command.c

@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.77 2000/06/04 22:04:32 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.78 2000/06/09 15:50:43 momjian Exp $
  *
  * NOTES
  *	  The PortalExecutorHeapMemory crap needs to be eliminated
@@ -30,6 +30,7 @@
 #include "commands/command.h"
 #include "executor/spi.h"
 #include "catalog/heap.h"
+#include "catalog/pg_shadow.h"
 #include "miscadmin.h"
 #include "optimizer/prep.h"
 #include "utils/acl.h"
@@ -1211,6 +1212,21 @@ LockTableCommand(LockStmt *lockstmt)
 {
 	Relation	rel;
 	int			aclresult;
+	HeapTuple	tup;
+
+	
+	/* ----------
+	 * Check pg_shadow for global lock setting 
+	 * ----------
+	 */
+	tup = SearchSysCacheTuple(SHADOWNAME, PointerGetDatum(GetPgUserName()), 0, 0, 0);
+
+	if (!HeapTupleIsValid(tup))
+ 		elog(ERROR, "LOCK TABLE: look at pg_shadow failed"); 
+
+ 	if (!((Form_pg_shadow) GETSTRUCT(tup))->uselocktable)
+ 		elog(ERROR, "LOCK TABLE: permission denied");	
+
 
 	rel = heap_openr(lockstmt->relname, NoLock);
 	if (!RelationIsValid(rel))