David G. Johnston писал(а) 2023-09-12 05:42:
>
> There are default privileges that can be setup so that when new
> objects are created existing roles are given the described grants at
> that time.
>
> https://www.postgresql.org/docs/current/sql-alterdefaultprivileges.html
>
> Note the absence of DATABASE as an object type on that page.
Thank you for your answer. Unfortunately, I'm not even a junior DBA, so
I might be misunderstanding something. Сan I ask more questions?
Typically, for each of my websites, I create one database, one database
owner role, and its private schema. And I want to have a role that can
to access each private schema to create tables and write data to provide
database migrations.
I can't know what schema I need to create tomorrow, so I think it's
reasonable to grant privileges to the migration role in advance. But
maybe I don't need predefined roles at all.
Now I see that I might to have another problem because tables should be
created by migration role, but after that they must be fully accessible
to the database owner. I think I also need to grant full default
privileges to the database/schema owners on all tables created by the
migration role in their own schemas, right?
Also, when creating databases/schemas, I need to give the migration role
full default privileges to use private schemas, create tables in them,
and write data. In this case, I no longer need the predefined roles.
Does this sound like a good plan? Could you please correct me if there
is a better way to do this?
> There really isn't such a thing as "feature request" here - there
> isn't anyone that really makes it a point to fulfill such requests and
> there is more than manageable work in process already. That said,
> discussion about what PostgreSQL can and cannot do, sent to the
> -general list, do get read by many including developers.
Thank you. I thought that I missed something.
--
With appreciation,
Ivanov