I have ran the following SQL in psql:
CREATE USER bspu LOGIN;
CREATE DATABASE bsp OWNER bspu;
GRANT ALL PRIVILEGES ON DATABASE bsp TO bspu;
\c bsp
CREATE TABLE users (
id SERIAL PRIMARY KEY,
client_id VARCHAR(20) NOT NULL,
api_key VARCHAR(100) NOT NULL,
api_secret VARCHAR(100) NOT NULL,
auth_token VARCHAR(128) NOT NULL
);
When I login as bspu
, and try to query the users
table, I get the error:
permission denied for relation users
I tried running:
ALTER DEFAULT PRIVILEGES GRANT ALL ON TABLES TO bspu;
But it doesn't help. What am I doing wrong? Why does database owner NOT have permissions to query its own database?
EDIT:
I upgraded bspu
to superuser for now, so I can continue work. Any further guidance appreciated.
Best Answer
DEFAULT PRIVILEGES
do not change permissions for existing objects. They are the default privileges for newly created objects and only for the particular role they belong to. If you do not define the role when runningALTER DEFAULT PRIVILEGES
, it defaults to the current role (when executing theALTER DEFAULT PRIVILEGES
statement.Also, since you are using a
serial
column, which creates aSEQUENCE
, you'll want to set default privileges for sequences as well.Run this on the user you create objects with, before you run the
CREATE
command:If you should use pgAdmin, a word of caution. There is a bug in the current version 1.20 (or older) in the display of the reverse engineered SQL script for
DEFAULT PRIVILEGES
. The display ignores the owning user and is therefore incorrect in certain situations. I reported the bug, the matter is pending.For existing objects you may also be interested in this "batch" form of the
GRANT
command:More under this related question on SO: