| From: | Josh Berkus <josh(at)agliodbs(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: ALTER DEFAULT PRIVILEGES FOR ROLE is broken |
| Date: | 2013-04-29 16:50:06 |
| Message-ID: | 517EA4BE.4000403@agliodbs.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> rhaas=# create user bob;
> CREATE ROLE
> rhaas=# create schema we_like_bob;
> CREATE SCHEMA
> rhaas=# alter default privileges for role bob in schema we_like_bob
> grant select on tables to bob;
> ERROR: permission denied for schema we_like_bob
> rhaas=# grant create on schema we_like_bob to bob;
> GRANT
> rhaas=# alter default privileges for role bob in schema we_like_bob
> grant select on tables to bob;
> ALTER DEFAULT PRIVILEGES
Hmmmm. Must have got something tangled up there; starting over with a
clean database and new users I got it to work. I'll see if I can
reproduce the issue I'm getting on my production schema.
This moves the general brokenness of this feature from a bug to (a) a
documentation issue and (b) unusably fussy. For (a), I think we need
the following line in the docs:
DEFAULT PRIVILEGES may only be granted to a ROLE which already has
CREATE permission on the specified schema.
For (b), I'll take it up in the 9.4 dev cycle.
--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Janes | 2013-04-29 16:56:28 | Re: [PATCH] add --throttle option to pgbench |
| Previous Message | Misa Simic | 2013-04-29 16:47:53 | Re: Graph datatype addition |