Folks,
The "FOR ROLE" syntax is completely broken, as of 9.2.4. Not sure when
exactly this got broken; I remember it working sometime in the past:
[jberkus@pgx-test ~]$ psql -U postgres analytics2
psql (9.2.4)
Type "help" for help.
analytics2=# ALTER DEFAULT PRIVILEGES FOR ROLE webui IN SCHEMA web
GRANT SELECT ON TABLES TO dbreader;
ERROR: permission denied for schema web
... in fact, there is no combination of actions which will make "FOR
ROLE" work. Any invokation of "FOR ROLE" inevitably results in a
"permission denied" message:
analytics2=> \c - webui
You are now connected to database "analytics2" as user "webui".
analytics2=> ALTER DEFAULT PRIVILEGES FOR ROLE webui IN SCHEMA web
GRANT SELECT ON TABLES TO dbreader;
ERROR: permission denied for schema web
--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com