GRANT on group does not give access to group members

Dear all,

I'm a bit confused about privilege management in PostgreSQL.

I have a database "db1" , schema "schema1" and table "table1", created with
a superuser.

Now, following the documentation (and what I've learnt about user
management), I created a group called admin and a user login, and gave the
login user the admin privileges.

CREATE ROLE admin NOINHERIT;
CREATE ROLE login LOGIN ENCRYPTED PASSWORD
'md5c2740ac0c81b17602438f3ac849fea08' NOINHERIT;
GRANT admin TO login;

Now, if I grant:

GRANT ALL ON TABLE schema1.table1 TO GROUP admin;

Selecting * from the tabel with user "login" won't work:

ERROR: permission denied for relation table1

If I grant directly to the user:

GRANT ALL ON TABLE schema1.table1 TO login;

It WORKS. Now, that makes the idea of creating few role groups and setting
privileges to them, and later adding maybe a lot of users and just adding
them to the role groups pointless. So why does PostgreSQL work like this and
how can I achieve the common "grant to group" approach?

On another question, if I want to grant privileges to all tables I have to
do them ONE BY ONE. Granting the privileges on the database or the schema
won't recursively grant them on the tables, am I correct?

Thanks a lot for your help!
--
View this message in context: http://www.nabble.com/GRANT-on-group-does-not-give-access-to-group-members-tf4435748.html#a12654908
Sent from the PostgreSQL - general mailing list archive at Nabble.com.