grant/revoke assigns access privileges for existing objects, but how to
prohibit creating new objects in connected database?