When creating a new database i create two roles (dbname_rw and dbnabe_ro) where the _rw-role is owner of the database. I also create a s_databse serviceuser and append it to the _rw role. More users can be created on request and are appended on the rw or ro-role.
There is a "alter default privileges in schema public" in place which grants ALL to the rw-role for new tables and select to the ro-role. but it only does it, if the rw-role is creating the table. if the user (for example serviceuser) is creating new items, it does not add this default privs. (which is by design, but bad because other users won't be able to access the table).
do you have a good way to work around this? is my role-setup "correct" or do you have a better idea how to do this? as i understood, there is no possibility to have a wildcard-default-privilege-setting, right?