After a database was updated by the application, a schema dump showed the following default privilege statements:
-- -- Name: DEFAULT PRIVILEGES FOR SEQUENCES; Type: DEFAULT ACL; Schema: public; Owner: gitlab_dbo -- ALTER DEFAULT PRIVILEGES FOR ROLE <dbowner> IN SCHEMA public REVOKE ALL ON SEQUENCES FROM <dbowner>; ALTER DEFAULT PRIVILEGES FOR ROLE <dbowner> IN SCHEMA public GRANT SELECT,USAGE ON SEQUENCES TO <appuser>; -- -- Name: DEFAULT PRIVILEGES FOR TABLES; Type: DEFAULT ACL; Schema: public; Owner: <dbowner> -- ALTER DEFAULT PRIVILEGES FOR ROLE <dbowner> IN SCHEMA public REVOKE ALL ON TABLES FROM <dbowner>; ALTER DEFAULT PRIVILEGES FOR ROLE <dbowner> IN SCHEMA public GRANT SELECT,INSERT,DELETE,UPDATE ON TABLES TO <appuser>; Why would you want to revoke all privileges from the dbowner? It actually had granted the privileges to PUBLIC, but I revoked those privileges & changed it to the app account. What is the difference between these statements?: ALTER DEFAULT PRIVILEGES FOR ROLE <dbowner> IN SCHEMA public GRANT ... TO <appuser>; ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ... TO <appuser>; Karin Hilbert Database Specialist Administrative Information Services Pennsylvania State University 25 Shields Bldg., University Park, PA 16802 Work - 814-863-3633 Email - i...@psu.edu IM - i...@chat.psu.edu
