Josh Berkus <josh(at)agliodbs(dot)com> writes:
> Actually, the problem is worse than I thought. It looks like I can't
> set default privs for any role which is not the owner of the schema:
> analytics2=> ALTER DEFAULT PRIVILEGES IN SCHEMA web GRANT SELECT ON
> TABLES TO dbreader;
> ERROR: permission denied for schema web
The fine manual notes that the target role has to already have CREATE
privileges on the target schema --- maybe that's what's biting you in
this case? If so, I'd agree that this error message is insufficiently
specific, but I don't think the restriction is unreasonable. Without
CREATE privs, there's no particular value in setting default privs for
to-be-created objects.
regards, tom lane