Michael Orlitzky wrote:
> I want to be able to create a database, set up the (default) group
> permissions, and have them work, even when a new user is added to one of
> the groups. Right now I don't know of a way to get default group
> permissions.

There is none, as far as I can say.

You have two options:
- You have the default privileges on the roles, and every user
  has to run SET ROLE to the role before he or she creates objects.
- Whenever you create a new user, you set default privileges
  for the user.

I guess that the first solution is not useful until there are
event triggers for database logins.

> The example I came up with requires two groups, and five users (two in
> each group):
[...]
> If I could set up a database with (default) permissions that worked this
> way, I'd be happy.
>
> Right now, I can get it working temporarily with a huge mess of scripts,
> but if another customer-dev gets added, I have to hop in as the
> superuser and run O(n) commands again, where n is either the number of
> databases or number of users (depending on which solution you choose).

I guess I can think of no better way to do it.

I'd try to automatize the process as much as possible, e.g. by
writing functions that create users and automatically set all the
necessary default privileges.

Yours,
Laurenz Albe
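
As an added example (not part of the original message and not code from its author), one way to write the helper function suggested in the reply. The function name `add_group_member` and the role names `customer_devs` and `alice` are assumptions. Because default privileges are stored per database, the function has to be created and run in each database where the group shares objects.

```sql
-- Added example: hypothetical helper, not from the thread.
-- Run as a superuser in every database where the group shares objects:
-- roles are cluster-wide, but default privileges live in the
-- per-database catalog pg_default_acl.
CREATE OR REPLACE FUNCTION add_group_member(new_user name, grp name)
RETURNS void
LANGUAGE plpgsql
AS $$
DECLARE
    objtype text;
BEGIN
    IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = grp) THEN
        RAISE EXCEPTION 'group role "%" does not exist', grp;
    END IF;

    -- Create the login role only once; it may already exist because
    -- the function was run in another database of the same cluster.
    IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = new_user) THEN
        EXECUTE format('CREATE ROLE %I LOGIN', new_user);
    END IF;
    EXECUTE format('GRANT %I TO %I', grp, new_user);

    -- Objects the new user creates from now on are usable by the group.
    -- %I quotes the role names as identifiers; objtype comes only from
    -- the fixed list below.
    FOREACH objtype IN ARRAY ARRAY['TABLES', 'SEQUENCES', 'FUNCTIONS'] LOOP
        EXECUTE format(
            'ALTER DEFAULT PRIVILEGES FOR ROLE %I GRANT ALL ON %s TO %I',
            new_user, objtype, grp);
    END LOOP;
END;
$$;

-- Functions are executable by PUBLIC by default; keep this one
-- restricted to the administrator.
REVOKE ALL ON FUNCTION add_group_member(name, name) FROM PUBLIC;

-- Constructed sample names:
CREATE ROLE customer_devs NOLOGIN;
SELECT add_group_member('alice', 'customer_devs');

-- Check what was recorded for this database:
SELECT defaclrole::regrole AS creator, defaclobjtype, defaclacl
FROM pg_default_acl;
```

The function sets no password; assign one separately (for example with psql's `\password`) so it does not end up in the server log.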