Folks,
The docs for ALTER DEFAULT PRIVILEGES state:
You can change default privileges only for objects that will be
created by yourself or by roles that you are a member of.
but I have not been able to reproduce the "or by roles that you are a
member of" part. The attached script should create a table tab_one()
which role baz can read. No such grant occurs.
As I understand the docs, anything created by bar have the same
default privileges as foo, and of any other roles of which bar is a
member.
I think that this is a bug, and that the fix should be back-patched.
What say?
Cheers,
David.
--
David Fetter <[email protected]> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: [email protected]
Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate
CREATE ROLE foo WITH LOGIN;
CREATE ROLE bar WITH LOGIN IN ROLE foo;
CREATE ROLE baz WITH LOGIN;
\c - foo
ALTER DEFAULT PRIVILEGES GRANT SELECT ON TABLES TO bar;
\c - bar
CREATE TABLE tab_one();
\ddp
--
Sent via pgsql-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
