Home > mailing lists

Re: ALTER DEFAULT PRIVILEGES FOR ROLE is broken - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: ALTER DEFAULT PRIVILEGES FOR ROLE is broken
Date	April 29, 2013 03:52:04
Msg-id	1682.1367196717@sss.pgh.pa.us Whole thread Raw
In response to	Re: ALTER DEFAULT PRIVILEGES FOR ROLE is broken (Josh Berkus <josh@agliodbs.com>)
List	pgsql-hackers

Tree view

Josh Berkus <josh@agliodbs.com> writes:
> Actually, the problem is worse than I thought.  It looks like I can't
> set default privs for any role which is not the owner of the schema:

> analytics2=> ALTER DEFAULT PRIVILEGES IN SCHEMA web GRANT SELECT ON
> TABLES TO dbreader;
> ERROR:  permission denied for schema web

The fine manual notes that the target role has to already have CREATE
privileges on the target schema --- maybe that's what's biting you in
this case?  If so, I'd agree that this error message is insufficiently
specific, but I don't think the restriction is unreasonable.  Without
CREATE privs, there's no particular value in setting default privs for
to-be-created objects.
        regards, tom lane

pgsql-hackers by date:

From: Robert Haas
Date: 29 April 2013, 03:41:28
Subject: Re: Graph datatype addition

From: Josh Berkus
Date: 29 April 2013, 04:39:16
Subject: Re: ALTER DEFAULT PRIVILEGES FOR ROLE is broken

Re: ALTER DEFAULT PRIVILEGES FOR ROLE is broken - Mailing list pgsql-hackers

Previous

Next