Thread: BUG #12939: GRANT ALL ON ALL SEQUENCES doesn't work for sequences not yet existing

The following bug has been logged on the website:

Bug reference:      12939
Logged by:          Tyler Hale
Email address:      tyler.hale@capitalone.com
PostgreSQL version: 9.3.5
Operating system:   Red Hat Enterprise Linux Server release 6.6 (Santi
Description:

Running a GRANT ALL ON ALL SEQUENCES IN PUBLIC SCHEMA doesn't work when the
sequence is created after running the GRANT statement regardless of whether
the sequence was created implicitly or explicitly.

Tyler,

* tyler.hale@capitalone.com (tyler.hale@capitalone.com) wrote:
> Running a GRANT ALL ON ALL SEQUENCES IN PUBLIC SCHEMA doesn't work when the
> sequence is created after running the GRANT statement regardless of whether
> the sequence was created implicitly or explicitly.

GRANT ALL only operates against objects which already exist.

If you wish to set default privileges, use ALTER DEFAULT PRIVILEGES.
Those will then apply for newly created objects.

    Thanks!

        Stephen

Tyler,

It's true for all object types.  GRANT ON ALL addresses objects which
currently exist while ALTER DEFAULT PRIVILEGES addresses objects which
are created in the future.

Thanks!

    Stephen

* Hale, Tyler (Tyler.Hale@capitalone.com) wrote:
> Thanks for the insight Stephen.  Do you know if this type of functionalit=
y is only limited to sequences or all types of database objects?  I am rela=
tively new to Postgres and am trying to come up with rules/best practices f=
or my team to use when deploying new structures on Postgres.
>=20
> Thanks,
> Tyler
>=20
> -----Original Message-----
> From: Stephen Frost [mailto:sfrost@snowman.net]=20
> Sent: Wednesday, April 01, 2015 5:08 PM
> To: Hale, Tyler
> Cc: pgsql-bugs@postgresql.org
> Subject: Re: [BUGS] BUG #12939: GRANT ALL ON ALL SEQUENCES doesn't work f=
or sequences not yet existing
>=20
> Tyler,
>=20
> * tyler.hale@capitalone.com (tyler.hale@capitalone.com) wrote:
> > Running a GRANT ALL ON ALL SEQUENCES IN PUBLIC SCHEMA doesn't work=20
> > when the sequence is created after running the GRANT statement=20
> > regardless of whether the sequence was created implicitly or explicitly.
>=20
> GRANT ALL only operates against objects which already exist.
>=20
> If you wish to set default privileges, use ALTER DEFAULT PRIVILEGES.
> Those will then apply for newly created objects.
>=20
>     Thanks!
>=20
>         Stephen
> ________________________________________________________
>=20
> The information contained in this e-mail is confidential and/or proprieta=
ry to Capital One and/or its affiliates. The information transmitted herewi=
th is intended only for use by the individual or entity to which it is addr=
essed.  If the reader of this message is not the intended recipient, you ar=
e hereby notified that any review, retransmission, dissemination, distribut=
ion, copying or other use of, or taking of any action in reliance upon this=
 information is strictly prohibited. If you have received this communicatio=
n in error, please contact the sender and delete the material from your com=
puter.

> * Hale, Tyler (Tyler.Hale@capitalone.com) wrote:
>> >Thanks for the insight Stephen.  Do you know if this type of functionality is only limited to sequences or all
typesof database objects?  I am relatively new to Postgres and am trying to come up with rules/best practices for my
teamto use when deploying new structures on Postgres. 

best practices IMHO are to include the GRANT's with the CREATE
statements.   grant permissions to groups rather than specific roles,
and make the user roles members of those groups.




--
john r pierce, recycling bits in santa cruz

Thanks for the insight Stephen.  Do you know if this type of functionality =
is only limited to sequences or all types of database objects?  I am relati=
vely new to Postgres and am trying to come up with rules/best practices for=
 my team to use when deploying new structures on Postgres.

Thanks,
Tyler

-----Original Message-----
From: Stephen Frost [mailto:sfrost@snowman.net] =

Sent: Wednesday, April 01, 2015 5:08 PM
To: Hale, Tyler
Cc: pgsql-bugs@postgresql.org
Subject: Re: [BUGS] BUG #12939: GRANT ALL ON ALL SEQUENCES doesn't work for=
 sequences not yet existing

Tyler,

* tyler.hale@capitalone.com (tyler.hale@capitalone.com) wrote:
> Running a GRANT ALL ON ALL SEQUENCES IN PUBLIC SCHEMA doesn't work =

> when the sequence is created after running the GRANT statement =

> regardless of whether the sequence was created implicitly or explicitly.

GRANT ALL only operates against objects which already exist.

If you wish to set default privileges, use ALTER DEFAULT PRIVILEGES.
Those will then apply for newly created objects.

    Thanks!

        Stephen
________________________________________________________

The information contained in this e-mail is confidential and/or proprietary=
 to Capital One and/or its affiliates. The information transmitted herewith=
 is intended only for use by the individual or entity to which it is addres=
sed.  If the reader of this message is not the intended recipient, you are =
hereby notified that any review, retransmission, dissemination, distributio=
n, copying or other use of, or taking of any action in reliance upon this i=
nformation is strictly prohibited. If you have received this communication =
in error, please contact the sender and delete the material from your compu=
ter.