Rob Emery schrieb am 11.03.2016 um 12:18: > So we're looking at automating our migrations against PG for the > developers so that it's simple enough for them and no maintenance for > me. I'm struggling to find a role/permissions structure that works; > we've come from SQL Server so we're used to having DBRoles. > > So I want the re_migration role to be able to create tables, > sequences etc and grant to other users etc; yet I want the > live_application role to be able to select,insert,update,delete. > > It seems that the only real solution here is to have the db owned by > re_migration, then in every migration GRANT > SELECT,INSERT,UPDATE,DELETE to the live_application role? You can set default privileges for a schema: http://www.postgresql.org/docs/current/static/sql-alterdefaultprivileges.html If you do that, every object that is created in the schema is automatically assigned those default privileges. So you only need to do do once, after you create a new schema, e.g. as re_migration do: create schema dbo; grant usage on dbo to life_application; alter default privileges in schema dbo grant select,insert,update,delete on tables to live_application; alter default privileges in schema dbo grant usage,select,update on sequences to live_application; Of course the re_migration role needs to have the privileges to create a schema. Thomas -- Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
