Folks, The "FOR ROLE" syntax is completely broken, as of 9.2.4. Not sure when exactly this got broken; I remember it working sometime in the past:
[jberkus@pgx-test ~]$ psql -U postgres analytics2 psql (9.2.4) Type "help" for help. analytics2=# ALTER DEFAULT PRIVILEGES FOR ROLE webui IN SCHEMA web GRANT SELECT ON TABLES TO dbreader; ERROR: permission denied for schema web ... in fact, there is no combination of actions which will make "FOR ROLE" work. Any invokation of "FOR ROLE" inevitably results in a "permission denied" message: analytics2=> \c - webui You are now connected to database "analytics2" as user "webui". analytics2=> ALTER DEFAULT PRIVILEGES FOR ROLE webui IN SCHEMA web GRANT SELECT ON TABLES TO dbreader; ERROR: permission denied for schema web -- Josh Berkus PostgreSQL Experts Inc. http://pgexperts.com -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
