Re: Grant CREATE privilege on all schemas

David G. Johnston писал(а) 2023-09-12 05:42:
> 
> There are default privileges that can be setup so that when new
> objects are created existing roles are given the described grants at
> that time.
> 
> https://www.postgresql.org/docs/current/sql-alterdefaultprivileges.html
> 
> Note the absence of DATABASE as an object type on that page.

Thank you for your answer. Unfortunately, I'm not even a junior DBA, so
I might be misunderstanding something. Сan I ask more questions?

Typically, for each of my websites, I create one database, one database
owner role, and its private schema. And I want to have a role that can
to access each private schema to create tables and write data to provide
database migrations.

I can't know what schema I need to create tomorrow, so I think it's
reasonable to grant privileges to the migration role in advance. But
maybe I don't need predefined roles at all.

Now I see that I might to have another problem because tables should be
created by migration role, but after that they must be fully accessible
to the database owner. I think I also need to grant full default
privileges to the database/schema owners on all tables created by the
migration role in their own schemas, right?

Also, when creating databases/schemas, I need to give the migration role
full default privileges to use private schemas, create tables in them,
and write data. In this case, I no longer need the predefined roles.

Does this sound like a good plan? Could you please correct me if there
is a better way to do this?

> There really isn't such a thing as "feature request" here - there
> isn't anyone that really makes it a point to fulfill such requests and
> there is more than manageable work in process already.  That said,
> discussion about what PostgreSQL can and cannot do, sent to the
> -general list, do get read by many including developers.

Thank you. I thought that I missed something.

-- 
With appreciation, 
Ivanov