> rhaas=# create user bob;
> CREATE ROLE
> rhaas=# create schema we_like_bob;
> CREATE SCHEMA
> rhaas=# alter default privileges for role bob in schema we_like_bob
> grant select on tables to bob;
> ERROR: permission denied for schema we_like_bob
> rhaas=# grant create on schema we_like_bob to bob;
> GRANT
> rhaas=# alter default privileges for role bob in schema we_like_bob
> grant select on tables to bob;
> ALTER DEFAULT PRIVILEGES
Hmmmm. Must have got something tangled up there; starting over with a
clean database and new users I got it to work. I'll see if I can
reproduce the issue I'm getting on my production schema.
This moves the general brokenness of this feature from a bug to (a) a
documentation issue and (b) unusably fussy. For (a), I think we need
the following line in the docs:
DEFAULT PRIVILEGES may only be granted to a ROLE which already has
CREATE permission on the specified schema.
For (b), I'll take it up in the 9.4 dev cycle.
--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com