Folks,
The docs for ALTER DEFAULT PRIVILEGES state:
You can change default privileges only for objects that will be
created by yourself or by roles that you are a member of.
but I have not been able to reproduce the "or by roles that you are a
member of" part. The attached script should create a table tab_one()
which role baz can read. No such grant occurs.
As I understand the docs, anything created by bar have the same
default privileges as foo, and of any other roles of which bar is a
member.
I think that this is a bug, and that the fix should be back-patched.
What say?
Cheers,
David.
--
David Fetter <david@fetter.org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david.fetter@gmail.com
Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate