patternsqlModerate
Can't alter default privileges
Viewed 0 times
privilegescanalterdefault
Problem
I followed the steps below.
Now I want to give
But got an error:
I have no idea why this command is not working.
- I installed PostgreSQL.
- I logged in as
postgresvia (sudo -i -u postgres)
- I created new user
new_uservia shell scriptcreateuser --interactive
- I granted that user permission to create databases.
- I created database:
createdb new_db.
Now I want to give
new_user privileges be able to perform all default DML operations on tables created by himself (command bellow taken from this question), so I typed:postgres=# ALTER DEFAULT PRIVILEGES FOR new_user IN SCHEMA
public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO new_user;But got an error:
ERROR: syntax error at or near "new_user"
LINE 1: ALTER DEFAULT PRIVILEGES FOR new_user IN SCHEMA public GRANT...I have no idea why this command is not working.
Solution
A key word is missing. It must be:
The manual:
One of both (
Note that the particular command does not make any sense to begin with because, (quoting the manual):
There is no need to grant privileges to the owner of an object
(usually the user that created it), as the owner has all privileges by default.
If you want that to grant permissions for objects that a different user (like
You probably wouldn't want to restrict that to a particular schema.
And you typically want to grant privileges on sequences, too:
ALTER DEFAULT PRIVILEGES FOR ROLE new_user IN SCHEMA public GRANT...The manual:
ALTER DEFAULT PRIVILEGES
[ FOR { ROLE | USER } target_role [, ...] ]One of both (
{ ROLE | USER }) is required.Note that the particular command does not make any sense to begin with because, (quoting the manual):
There is no need to grant privileges to the owner of an object
(usually the user that created it), as the owner has all privileges by default.
If you want that to grant permissions for objects that a different user (like
postgres) created then use:ALTER DEFAULT PRIVILEGES FOR ROLE postgres
GRANT ALL ON TABLES TO new_user;You probably wouldn't want to restrict that to a particular schema.
And you typically want to grant privileges on sequences, too:
ALTER DEFAULT PRIVILEGES FOR ROLE postgres
GRANT ALL ON SEQUENCES TO new_user;Code Snippets
ALTER DEFAULT PRIVILEGES FOR ROLE new_user IN SCHEMA public GRANT...ALTER DEFAULT PRIVILEGES
[ FOR { ROLE | USER } target_role [, ...] ]ALTER DEFAULT PRIVILEGES FOR ROLE postgres
GRANT ALL ON TABLES TO new_user;ALTER DEFAULT PRIVILEGES FOR ROLE postgres
GRANT ALL ON SEQUENCES TO new_user;Context
StackExchange Database Administrators Q#114834, answer score: 10
Revisions (0)
No revisions yet.