Re: ALTER DEFAULT PRIVILEGES FOR ROLE is broken

> rhaas=# create user bob;
> CREATE ROLE
> rhaas=# create schema we_like_bob;
> CREATE SCHEMA
> rhaas=# alter default privileges for role bob in schema we_like_bob
> grant select on tables to bob;
> ERROR:  permission denied for schema we_like_bob
> rhaas=# grant create on schema we_like_bob to bob;
> GRANT
> rhaas=# alter default privileges for role bob in schema we_like_bob
> grant select on tables to bob;
> ALTER DEFAULT PRIVILEGES

Hmmmm.  Must have got something tangled up there; starting over with a
clean database and new users I got it to work.  I'll see if I can
reproduce the issue I'm getting on my production schema.

This moves the general brokenness of this feature from a bug to (a) a
documentation issue and (b) unusably fussy.  For (a), I think we need
the following line in the docs:

DEFAULT PRIVILEGES may only be granted to a ROLE which already has
CREATE permission on the specified schema.

For (b), I'll take it up in the 9.4 dev cycle.

-- 
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com