On 07/02/2013 03:35 AM, Albe Laurenz wrote:
> Michael Orlitzky wrote:
>> I want to be able to create a database, set up the (default) group
>> permissions, and have them work, even when a new user is added to one of
>> the groups. Right now I don't know of a way to get default group
>> permissions.
>
> There is none, as far as I can say.
>
> You have two options:
> - You have the default privileges on the roles, and every user
> has to run SET ROLE to the role before he or she creates objects.
> - Whenever you create a new user, you set default privileges
> for the user.
>
> I guess that the first solution is not useful until there are
> event triggers for database logins.
>
Thanks for taking a look. The first isn't manageable because it requires
users to do things.
The second is what I've decided on for now, but the way that I know
which default privileges to set is to look up his group membership "by
hand" and set his default privileges on the databases where the group
should have them. I'd love it if that step could be automated.
