What's wrong with this picture. Trying (failing) to create a user called
"select" with default select privs and nothing else. Demo below. Comments in
red...
fcadsql7> psql sde
psql (9.1.5)
Type "help" for help.
sde=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------+-----------
insert | | {}
pgdbadm | Superuser, Create role, Create DB, Replication | {}
select | | {} <-- the
"select" user
sde=# alter default privileges for user "select" grant select on tables to
"select";
ALTER DEFAULT PRIVILEGES
sde=# alter default privileges for user "select" grant select on sequences to
"select";
ALTER DEFAULT PRIVILEGES
sde=# alter default privileges for user "select" grant execute on functions to
"select";
ALTER DEFAULT PRIVILEGES
"select" user should now get 'select' priv for all future tables and sequences,
and execute functions.
sde=#
sde=# create table foo (a text); <-- note, the "postgres" user is creating the
foo table, not "select"
CREATE TABLE
sde=# insert into foo (a) values ('aaa'), ('bbb');
INSERT 0 2
sde=# select * from foo;
a
-----
aaa
bbb
(2 rows)
sde=# \q
fcadsql7> psql --user=select sde <-- connect as "select" user and try to
select from the new "foo" table. This fails.
psql (9.1.5)
Type "help" for help.
sde=> select * from foo;
ERROR: permission denied for relation foo <--- Brrrrrt!
sde=>
