diff --git a/internal/diff/default_privilege.go b/internal/diff/default_privilege.go index 0ff36bfa..5341373f 100644 --- a/internal/diff/default_privilege.go +++ b/internal/diff/default_privilege.go @@ -16,7 +16,7 @@ func generateCreateDefaultPrivilegesSQL(privileges []*ir.DefaultPrivilege, targe context := &diffContext{ Type: DiffTypeDefaultPrivilege, Operation: DiffOperationCreate, - Path: fmt.Sprintf("default_privileges.%s.%s", dp.ObjectType, dp.Grantee), + Path: fmt.Sprintf("default_privileges.%s.%s.%s", dp.OwnerRole, dp.ObjectType, dp.Grantee), Source: dp, CanRunInTransaction: true, } @@ -33,7 +33,7 @@ func generateDropDefaultPrivilegesSQL(privileges []*ir.DefaultPrivilege, targetS context := &diffContext{ Type: DiffTypeDefaultPrivilege, Operation: DiffOperationDrop, - Path: fmt.Sprintf("default_privileges.%s.%s", dp.ObjectType, dp.Grantee), + Path: fmt.Sprintf("default_privileges.%s.%s.%s", dp.OwnerRole, dp.ObjectType, dp.Grantee), Source: dp, CanRunInTransaction: true, } @@ -50,7 +50,7 @@ func generateModifyDefaultPrivilegesSQL(diffs []*defaultPrivilegeDiff, targetSch context := &diffContext{ Type: DiffTypeDefaultPrivilege, Operation: DiffOperationAlter, - Path: fmt.Sprintf("default_privileges.%s.%s", diff.New.ObjectType, diff.New.Grantee), + Path: fmt.Sprintf("default_privileges.%s.%s.%s", diff.New.OwnerRole, diff.New.ObjectType, diff.New.Grantee), Source: diff, CanRunInTransaction: true, } @@ -76,8 +76,8 @@ func generateGrantDefaultPrivilegeSQL(dp *ir.DefaultPrivilege, targetSchema stri grantee = ir.QuoteIdentifier(grantee) } - sql := fmt.Sprintf("ALTER DEFAULT PRIVILEGES IN SCHEMA %s GRANT %s ON %s TO %s", - ir.QuoteIdentifier(targetSchema), privStr, dp.ObjectType, grantee) + sql := fmt.Sprintf("ALTER DEFAULT PRIVILEGES FOR ROLE %s IN SCHEMA %s GRANT %s ON %s TO %s", + ir.QuoteIdentifier(dp.OwnerRole), ir.QuoteIdentifier(targetSchema), privStr, dp.ObjectType, grantee) if dp.WithGrantOption { sql += " WITH GRANT OPTION" 
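Review bot: `dp.OwnerRole` is written into the `FOR ROLE` clause of generateGrantDefaultPrivilegeSQL with no check that it is set, so a DefaultPrivilege that reaches this builder without an owner would produce `FOR ROLE` followed by an empty identifier. How `ir.QuoteIdentifier` treats an empty name is not visible in this diff. The builder returns only a string, so the check belongs before SQL generation, and silently dropping the clause would be worse than failing because the statement would then apply to whichever role runs the migration. At minimum I would document the precondition on the function: `// dp.OwnerRole must be non-empty; it names the role whose future objects receive these defaults.` The same applies to generateRevokeDefaultPrivilegeSQL and to `quotedOwner` in generateAlterDefaultPrivilegeStatements in the following hunks; the function body continues outside this hunk.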
@@ -102,8 +102,8 @@ func generateRevokeDefaultPrivilegeSQL(dp *ir.DefaultPrivilege, targetSchema str grantee = ir.QuoteIdentifier(grantee) } - return fmt.Sprintf("ALTER DEFAULT PRIVILEGES IN SCHEMA %s REVOKE %s ON %s FROM %s;", - ir.QuoteIdentifier(targetSchema), privStr, dp.ObjectType, grantee) + return fmt.Sprintf("ALTER DEFAULT PRIVILEGES FOR ROLE %s IN SCHEMA %s REVOKE %s ON %s FROM %s;", + ir.QuoteIdentifier(dp.OwnerRole), ir.QuoteIdentifier(targetSchema), privStr, dp.ObjectType, grantee) } // generateAlterDefaultPrivilegeStatements generates statements for privilege modifications @@ -141,20 +141,21 @@ func (d *defaultPrivilegeDiff) generateAlterDefaultPrivilegeStatements(targetSch } else { grantee = ir.QuoteIdentifier(grantee) } + quotedOwner := ir.QuoteIdentifier(d.New.OwnerRole) quotedSchema := ir.QuoteIdentifier(targetSchema) // Generate REVOKE for removed privileges if len(toRevoke) > 0 { sort.Strings(toRevoke) - statements = append(statements, fmt.Sprintf("ALTER DEFAULT PRIVILEGES IN SCHEMA %s REVOKE %s ON %s FROM %s;", - quotedSchema, strings.Join(toRevoke, ", "), d.Old.ObjectType, grantee)) + statements = append(statements, fmt.Sprintf("ALTER DEFAULT PRIVILEGES FOR ROLE %s IN SCHEMA %s REVOKE %s ON %s FROM %s;", + quotedOwner, quotedSchema, strings.Join(toRevoke, ", "), d.Old.ObjectType, grantee)) } // Generate GRANT for added privileges if len(toGrant) > 0 { sort.Strings(toGrant) - sql := fmt.Sprintf("ALTER DEFAULT PRIVILEGES IN SCHEMA %s GRANT %s ON %s TO %s", - quotedSchema, strings.Join(toGrant, ", "), d.New.ObjectType, grantee) + sql := fmt.Sprintf("ALTER DEFAULT PRIVILEGES FOR ROLE %s IN SCHEMA %s GRANT %s ON %s TO %s", + quotedOwner, quotedSchema, strings.Join(toGrant, ", "), d.New.ObjectType, grantee) if d.New.WithGrantOption { sql += " WITH GRANT OPTION" } 
@@ -177,12 +178,12 @@ func (d *defaultPrivilegeDiff) generateAlterDefaultPrivilegeStatements(targetSch unchangedStr := strings.Join(unchanged, ", ") // Revoke unchanged privileges first - statements = append(statements, fmt.Sprintf("ALTER DEFAULT PRIVILEGES IN SCHEMA %s REVOKE %s ON %s FROM %s;", - quotedSchema, unchangedStr, d.New.ObjectType, grantee)) + statements = append(statements, fmt.Sprintf("ALTER DEFAULT PRIVILEGES FOR ROLE %s IN SCHEMA %s REVOKE %s ON %s FROM %s;", + quotedOwner, quotedSchema, unchangedStr, d.New.ObjectType, grantee)) // Re-grant with correct option - sql := fmt.Sprintf("ALTER DEFAULT PRIVILEGES IN SCHEMA %s GRANT %s ON %s TO %s", - quotedSchema, unchangedStr, d.New.ObjectType, grantee) + sql := fmt.Sprintf("ALTER DEFAULT PRIVILEGES FOR ROLE %s IN SCHEMA %s GRANT %s ON %s TO %s", + quotedOwner, quotedSchema, unchangedStr, d.New.ObjectType, grantee) if d.New.WithGrantOption { sql += " WITH GRANT OPTION" } @@ -195,11 +196,14 @@ func (d *defaultPrivilegeDiff) generateAlterDefaultPrivilegeStatements(targetSch // GetObjectName returns a unique identifier for the default privilege diff func (d *defaultPrivilegeDiff) GetObjectName() string { - return string(d.New.ObjectType) + ":" + d.New.Grantee + return d.New.OwnerRole + ":" + string(d.New.ObjectType) + ":" + d.New.Grantee } // defaultPrivilegesEqual checks if two default privileges are structurally equal func defaultPrivilegesEqual(old, new *ir.DefaultPrivilege) bool { + if old.OwnerRole != new.OwnerRole { + return false + } if old.ObjectType != new.ObjectType { return false } diff --git a/internal/diff/diff.go b/internal/diff/diff.go index 10782a22..d3527b10 100644 --- a/internal/diff/diff.go +++ b/internal/diff/diff.go 
@@ -938,7 +938,7 @@ func GenerateMigration(oldIR, newIR *ir.IR, targetSchema string) []Diff { // Extract default privileges from all schemas in oldIR for _, dbSchema := range oldIR.Schemas { for _, dp := range dbSchema.DefaultPrivileges { - key := string(dp.ObjectType) + ":" + dp.Grantee + key := dp.OwnerRole + ":" + string(dp.ObjectType) + ":" + dp.Grantee oldDefaultPrivs[key] = dp } } @@ -946,7 +946,7 @@ func GenerateMigration(oldIR, newIR *ir.IR, targetSchema string) []Diff { // Extract default privileges from all schemas in newIR for _, dbSchema := range newIR.Schemas { for _, dp := range dbSchema.DefaultPrivileges { - key := string(dp.ObjectType) + ":" + dp.Grantee + key := dp.OwnerRole + ":" + string(dp.ObjectType) + ":" + dp.Grantee newDefaultPrivs[key] = dp } } 
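Review bot: The map key `dp.OwnerRole + ":" + string(dp.ObjectType) + ":" + dp.Grantee` is ambiguous when a role name itself contains `:`, which PostgreSQL allows in quoted identifiers; two different (owner, type, grantee) triples can then share a key, and the later entry overwrites the earlier one in `oldDefaultPrivs`/`newDefaultPrivs`, so a grant drops out of the diff. ir/inspector.go in this same commit groups by a `privKey` struct, which has no such ambiguity, and a struct key here would be consistent with it: `type dpKey struct{ owner, objType, grantee string }` with `key := dpKey{dp.OwnerRole, string(dp.ObjectType), dp.Grantee}`. The map declarations sit outside both hunks and would need the same key type. The two GetObjectName methods changed in this commit use the same colon-joined form.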
@@ -977,20 +977,29 @@ func GenerateMigration(oldIR, newIR *ir.IR, targetSchema string) []Diff { } } - // Sort default privileges for deterministic output + // Sort default privileges for deterministic output (by owner_role, then object_type, then grantee) sort.Slice(diff.addedDefaultPrivileges, func(i, j int) bool { + if diff.addedDefaultPrivileges[i].OwnerRole != diff.addedDefaultPrivileges[j].OwnerRole { + return diff.addedDefaultPrivileges[i].OwnerRole < diff.addedDefaultPrivileges[j].OwnerRole + } if diff.addedDefaultPrivileges[i].ObjectType != diff.addedDefaultPrivileges[j].ObjectType { return diff.addedDefaultPrivileges[i].ObjectType < diff.addedDefaultPrivileges[j].ObjectType } return diff.addedDefaultPrivileges[i].Grantee < diff.addedDefaultPrivileges[j].Grantee }) sort.Slice(diff.droppedDefaultPrivileges, func(i, j int) bool { + if diff.droppedDefaultPrivileges[i].OwnerRole != diff.droppedDefaultPrivileges[j].OwnerRole { + return diff.droppedDefaultPrivileges[i].OwnerRole < diff.droppedDefaultPrivileges[j].OwnerRole + } if diff.droppedDefaultPrivileges[i].ObjectType != diff.droppedDefaultPrivileges[j].ObjectType { return diff.droppedDefaultPrivileges[i].ObjectType < diff.droppedDefaultPrivileges[j].ObjectType } return diff.droppedDefaultPrivileges[i].Grantee < diff.droppedDefaultPrivileges[j].Grantee }) sort.Slice(diff.modifiedDefaultPrivileges, func(i, j int) bool { + if diff.modifiedDefaultPrivileges[i].New.OwnerRole != diff.modifiedDefaultPrivileges[j].New.OwnerRole { + return diff.modifiedDefaultPrivileges[i].New.OwnerRole < diff.modifiedDefaultPrivileges[j].New.OwnerRole + } if diff.modifiedDefaultPrivileges[i].New.ObjectType != diff.modifiedDefaultPrivileges[j].New.ObjectType { return diff.modifiedDefaultPrivileges[i].New.ObjectType < diff.modifiedDefaultPrivileges[j].New.ObjectType } diff --git a/ir/inspector.go b/ir/inspector.go index 12b01ff2..c269b99e 100644 --- a/ir/inspector.go +++ b/ir/inspector.go 
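Review bot: The owner / object-type / grantee ordering is now written out three times in this hunk and once more in ir/inspector.go, so any later change to the sort key has to be repeated in four places to keep plan output consistent. A shared comparator would reduce each `sort.Slice` callback to a single line. The element type of the added and dropped slices is assumed to be `*ir.DefaultPrivilege`, going by the generator signatures in default_privilege.go; the third comparator continues past the end of the hunk.

```go
// lessDefaultPrivilege orders by owner role, then object type, then grantee.
func lessDefaultPrivilege(a, b *ir.DefaultPrivilege) bool {
	if a.OwnerRole != b.OwnerRole {
		return a.OwnerRole < b.OwnerRole
	}
	if a.ObjectType != b.ObjectType {
		return a.ObjectType < b.ObjectType
	}
	return a.Grantee < b.Grantee
}

// … unchanged: GenerateMigration up to the sorting step …
sort.Slice(diff.addedDefaultPrivileges, func(i, j int) bool {
	return lessDefaultPrivilege(diff.addedDefaultPrivileges[i], diff.addedDefaultPrivileges[j])
})
// … same for droppedDefaultPrivileges; modifiedDefaultPrivileges passes .New …
```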
@@ -2050,8 +2050,9 @@ func (i *Inspector) buildDefaultPrivileges(ctx context.Context, schema *IR, targ return nil } - // Group privileges by (object_type, grantee, is_grantable) + // Group privileges by (owner_role, object_type, grantee, is_grantable) type privKey struct { + OwnerRole string ObjectType string Grantee string WithGrantOption bool @@ -2059,11 +2060,12 @@ func (i *Inspector) buildDefaultPrivileges(ctx context.Context, schema *IR, targ grouped := make(map[privKey][]string) for _, p := range privileges { - if !p.ObjectType.Valid || !p.Grantee.Valid || !p.PrivilegeType.Valid { + if !p.OwnerRole.Valid || !p.ObjectType.Valid || !p.Grantee.Valid || !p.PrivilegeType.Valid { continue } key := privKey{ + OwnerRole: p.OwnerRole.String, ObjectType: p.ObjectType.String, Grantee: p.Grantee.String, WithGrantOption: p.IsGrantable.Valid && p.IsGrantable.Bool, @@ -2078,6 +2080,7 @@ func (i *Inspector) buildDefaultPrivileges(ctx context.Context, schema *IR, targ // Sort privileges for deterministic IR output sort.Strings(privs) dp := &DefaultPrivilege{ + OwnerRole: key.OwnerRole, ObjectType: DefaultPrivilegeObjectType(key.ObjectType), Grantee: key.Grantee, Privileges: privs, @@ -2086,8 +2089,11 @@ func (i *Inspector) buildDefaultPrivileges(ctx context.Context, schema *IR, targ defaultPrivileges = append(defaultPrivileges, dp) } - // Sort for deterministic output + // Sort for deterministic output (by owner_role, then object_type, then grantee) sort.Slice(defaultPrivileges, func(i, j int) bool { + if defaultPrivileges[i].OwnerRole != defaultPrivileges[j].OwnerRole { + return defaultPrivileges[i].OwnerRole < defaultPrivileges[j].OwnerRole + } if defaultPrivileges[i].ObjectType != defaultPrivileges[j].ObjectType { return defaultPrivileges[i].ObjectType < defaultPrivileges[j].ObjectType } diff --git a/ir/ir.go b/ir/ir.go index 2e1555a5..c2009df2 100644 --- a/ir/ir.go +++ b/ir/ir.go 
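Review bot: The extended guard `if !p.OwnerRole.Valid || ...` drops the row with a bare `continue`, so a default ACL whose owner did not resolve disappears from the IR without any signal, and the plan then neither shows nor revokes it. For a tool that reconciles privileges, an error is safer than an omitted entry: `if !p.OwnerRole.Valid { return fmt.Errorf("default privilege row without owner_role") }` placed ahead of the existing check. This assumes the function returns `error`, as the visible `return nil` suggests, and that `fmt` is imported in the file. buildDefaultPrivileges starts and ends outside these hunks.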
@@ -416,6 +416,7 @@ const ( // DefaultPrivilege represents an ALTER DEFAULT PRIVILEGES setting type DefaultPrivilege struct { + OwnerRole string `json:"owner_role"` // Role that owns the default privilege ObjectType DefaultPrivilegeObjectType `json:"object_type"` // TABLES, SEQUENCES, FUNCTIONS, TYPES Grantee string `json:"grantee"` // Role name or "PUBLIC" Privileges []string `json:"privileges"` // SELECT, INSERT, UPDATE, etc. @@ -424,7 +425,7 @@ type DefaultPrivilege struct { // GetObjectName returns a unique identifier for the default privilege func (d *DefaultPrivilege) GetObjectName() string { - return string(d.ObjectType) + ":" + d.Grantee + return d.OwnerRole + ":" + string(d.ObjectType) + ":" + d.Grantee } // PrivilegeObjectType represents the object type for explicit privilege grants diff --git a/ir/queries/queries.sql b/ir/queries/queries.sql index 33f6b587..318a7a61 100644 --- a/ir/queries/queries.sql +++ b/ir/queries/queries.sql @@ -1206,6 +1206,7 @@ ORDER BY n.nspname, t.typname, a.attnum; -- name: GetDefaultPrivilegesForSchema :many WITH acl_expanded AS ( SELECT + d.defaclrole, d.defaclobjtype, (aclexplode(d.defaclacl)).grantee AS grantee_oid, (aclexplode(d.defaclacl)).privilege_type AS privilege_type, @@ -1215,6 +1216,7 @@ WITH acl_expanded AS ( WHERE n.nspname = $1 ) SELECT + pg_get_userbyid(a.defaclrole) AS owner_role, CASE a.defaclobjtype WHEN 'r' THEN 'TABLES' WHEN 'S' THEN 'SEQUENCES' @@ -1227,7 +1229,7 @@ SELECT a.is_grantable FROM acl_expanded a LEFT JOIN pg_roles r ON a.grantee_oid = r.oid -ORDER BY object_type, grantee, privilege_type; +ORDER BY owner_role, object_type, grantee, privilege_type; -- GetPrivilegesForSchema retrieves explicit privilege grants for objects in a specific schema -- name: GetPrivilegesForSchema :many diff --git a/ir/queries/queries.sql.go b/ir/queries/queries.sql.go index 1d6a6e52..391001df 100644 --- a/ir/queries/queries.sql.go +++ b/ir/queries/queries.sql.go 
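Review bot: The field comment `// Role that owns the default privilege` does not say that this name is emitted verbatim in `ALTER DEFAULT PRIVILEGES FOR ROLE ...`, which changes what the applying user needs: it must be that role or a member of it (the drop_privilege fixture adds a `GRANT test_admin TO` the current user for this reason). I would expand the comment to `// Role whose future objects get these defaults (pg_default_acl.defaclrole); emitted as FOR ROLE, so the applying role must be this role or a member of it`. The expected outputs show `FOR ROLE testuser` across the fixtures, so the name presumably comes from whichever role loaded the desired schema; the doc should state whether that is intended when plan and apply run as different roles.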
@@ -912,6 +912,7 @@ func (q *Queries) GetConstraintsForSchema(ctx context.Context, dollar_1 sql.Null const getDefaultPrivilegesForSchema = `-- name: GetDefaultPrivilegesForSchema :many WITH acl_expanded AS ( SELECT + d.defaclrole, d.defaclobjtype, (aclexplode(d.defaclacl)).grantee AS grantee_oid, (aclexplode(d.defaclacl)).privilege_type AS privilege_type, @@ -921,6 +922,7 @@ WITH acl_expanded AS ( WHERE n.nspname = $1 ) SELECT + pg_get_userbyid(a.defaclrole) AS owner_role, CASE a.defaclobjtype WHEN 'r' THEN 'TABLES' WHEN 'S' THEN 'SEQUENCES' @@ -933,10 +935,11 @@ SELECT a.is_grantable FROM acl_expanded a LEFT JOIN pg_roles r ON a.grantee_oid = r.oid -ORDER BY object_type, grantee, privilege_type +ORDER BY owner_role, object_type, grantee, privilege_type ` type GetDefaultPrivilegesForSchemaRow struct { + OwnerRole sql.NullString `db:"owner_role" json:"owner_role"` ObjectType sql.NullString `db:"object_type" json:"object_type"` Grantee sql.NullString `db:"grantee" json:"grantee"` PrivilegeType sql.NullString `db:"privilege_type" json:"privilege_type"` @@ -954,6 +957,7 @@ func (q *Queries) GetDefaultPrivilegesForSchema(ctx context.Context, dollar_1 sq for rows.Next() { var i GetDefaultPrivilegesForSchemaRow if err := rows.Scan( + &i.OwnerRole, &i.ObjectType, &i.Grantee, &i.PrivilegeType, diff --git a/testdata/diff/default_privilege/add_function_privilege/diff.sql b/testdata/diff/default_privilege/add_function_privilege/diff.sql index dc2c716d..84696bd2 100644 --- a/testdata/diff/default_privilege/add_function_privilege/diff.sql +++ b/testdata/diff/default_privilege/add_function_privilege/diff.sql @@ -1 +1 @@ -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO api_user; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO api_user; diff --git a/testdata/diff/default_privilege/add_function_privilege/plan.json b/testdata/diff/default_privilege/add_function_privilege/plan.json index 710dbf7f..b3d0a756 100644 
--- a/testdata/diff/default_privilege/add_function_privilege/plan.json +++ b/testdata/diff/default_privilege/add_function_privilege/plan.json @@ -9,10 +9,10 @@ { "steps": [ { - "sql": "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO api_user;", + "sql": "ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO api_user;", "type": "default_privilege", "operation": "create", - "path": "default_privileges.FUNCTIONS.api_user" + "path": "default_privileges.testuser.FUNCTIONS.api_user" } ] } diff --git a/testdata/diff/default_privilege/add_function_privilege/plan.sql b/testdata/diff/default_privilege/add_function_privilege/plan.sql index dc2c716d..84696bd2 100644 --- a/testdata/diff/default_privilege/add_function_privilege/plan.sql +++ b/testdata/diff/default_privilege/add_function_privilege/plan.sql @@ -1 +1 @@ -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO api_user; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO api_user; diff --git a/testdata/diff/default_privilege/add_function_privilege/plan.txt b/testdata/diff/default_privilege/add_function_privilege/plan.txt index df3c1817..238ac034 100644 --- a/testdata/diff/default_privilege/add_function_privilege/plan.txt +++ b/testdata/diff/default_privilege/add_function_privilege/plan.txt @@ -9,4 +9,4 @@ Default privileges: DDL to be executed: -------------------------------------------------- -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO api_user; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT EXECUTE ON FUNCTIONS TO api_user; diff --git a/testdata/diff/default_privilege/add_privilege_with_grant_option/diff.sql b/testdata/diff/default_privilege/add_privilege_with_grant_option/diff.sql index e505eaca..4746a0af 100644 --- a/testdata/diff/default_privilege/add_privilege_with_grant_option/diff.sql 
+++ b/testdata/diff/default_privilege/add_privilege_with_grant_option/diff.sql @@ -1 +1 @@ -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT INSERT, SELECT ON TABLES TO admin_user WITH GRANT OPTION; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT INSERT, SELECT ON TABLES TO admin_user WITH GRANT OPTION; diff --git a/testdata/diff/default_privilege/add_privilege_with_grant_option/plan.json b/testdata/diff/default_privilege/add_privilege_with_grant_option/plan.json index b2058e24..c5a22fbe 100644 --- a/testdata/diff/default_privilege/add_privilege_with_grant_option/plan.json +++ b/testdata/diff/default_privilege/add_privilege_with_grant_option/plan.json @@ -9,10 +9,10 @@ { "steps": [ { - "sql": "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT INSERT, SELECT ON TABLES TO admin_user WITH GRANT OPTION;", + "sql": "ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT INSERT, SELECT ON TABLES TO admin_user WITH GRANT OPTION;", "type": "default_privilege", "operation": "create", - "path": "default_privileges.TABLES.admin_user" + "path": "default_privileges.testuser.TABLES.admin_user" } ] } diff --git a/testdata/diff/default_privilege/add_privilege_with_grant_option/plan.sql b/testdata/diff/default_privilege/add_privilege_with_grant_option/plan.sql index e505eaca..4746a0af 100644 --- a/testdata/diff/default_privilege/add_privilege_with_grant_option/plan.sql +++ b/testdata/diff/default_privilege/add_privilege_with_grant_option/plan.sql @@ -1 +1 @@ -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT INSERT, SELECT ON TABLES TO admin_user WITH GRANT OPTION; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT INSERT, SELECT ON TABLES TO admin_user WITH GRANT OPTION; diff --git a/testdata/diff/default_privilege/add_privilege_with_grant_option/plan.txt b/testdata/diff/default_privilege/add_privilege_with_grant_option/plan.txt index 2d711324..56b77ac4 100644 --- a/testdata/diff/default_privilege/add_privilege_with_grant_option/plan.txt 
+++ b/testdata/diff/default_privilege/add_privilege_with_grant_option/plan.txt @@ -9,4 +9,4 @@ Default privileges: DDL to be executed: -------------------------------------------------- -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT INSERT, SELECT ON TABLES TO admin_user WITH GRANT OPTION; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT INSERT, SELECT ON TABLES TO admin_user WITH GRANT OPTION; diff --git a/testdata/diff/default_privilege/add_sequence_privilege/diff.sql b/testdata/diff/default_privilege/add_sequence_privilege/diff.sql index 22f2a565..9c37a82b 100644 --- a/testdata/diff/default_privilege/add_sequence_privilege/diff.sql +++ b/testdata/diff/default_privilege/add_sequence_privilege/diff.sql @@ -1 +1 @@ -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, USAGE ON SEQUENCES TO app_user; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT SELECT, USAGE ON SEQUENCES TO app_user; diff --git a/testdata/diff/default_privilege/add_sequence_privilege/plan.json b/testdata/diff/default_privilege/add_sequence_privilege/plan.json index 549f9b23..d15a64de 100644 --- a/testdata/diff/default_privilege/add_sequence_privilege/plan.json +++ b/testdata/diff/default_privilege/add_sequence_privilege/plan.json @@ -9,10 +9,10 @@ { "steps": [ { - "sql": "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, USAGE ON SEQUENCES TO app_user;", + "sql": "ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT SELECT, USAGE ON SEQUENCES TO app_user;", "type": "default_privilege", "operation": "create", - "path": "default_privileges.SEQUENCES.app_user" + "path": "default_privileges.testuser.SEQUENCES.app_user" } ] } diff --git a/testdata/diff/default_privilege/add_sequence_privilege/plan.sql b/testdata/diff/default_privilege/add_sequence_privilege/plan.sql index 22f2a565..9c37a82b 100644 --- a/testdata/diff/default_privilege/add_sequence_privilege/plan.sql +++ b/testdata/diff/default_privilege/add_sequence_privilege/plan.sql 
@@ -1 +1 @@ -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, USAGE ON SEQUENCES TO app_user; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT SELECT, USAGE ON SEQUENCES TO app_user; diff --git a/testdata/diff/default_privilege/add_sequence_privilege/plan.txt b/testdata/diff/default_privilege/add_sequence_privilege/plan.txt index 60293988..dc831c68 100644 --- a/testdata/diff/default_privilege/add_sequence_privilege/plan.txt +++ b/testdata/diff/default_privilege/add_sequence_privilege/plan.txt @@ -9,4 +9,4 @@ Default privileges: DDL to be executed: -------------------------------------------------- -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, USAGE ON SEQUENCES TO app_user; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT SELECT, USAGE ON SEQUENCES TO app_user; diff --git a/testdata/diff/default_privilege/add_table_privilege/diff.sql b/testdata/diff/default_privilege/add_table_privilege/diff.sql index ea1cc979..edc6c324 100644 --- a/testdata/diff/default_privilege/add_table_privilege/diff.sql +++ b/testdata/diff/default_privilege/add_table_privilege/diff.sql @@ -1,3 +1,3 @@ -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO PUBLIC; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT SELECT ON TABLES TO PUBLIC; -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user; diff --git a/testdata/diff/default_privilege/add_table_privilege/plan.json b/testdata/diff/default_privilege/add_table_privilege/plan.json index 54839831..54681b41 100644 --- a/testdata/diff/default_privilege/add_table_privilege/plan.json +++ b/testdata/diff/default_privilege/add_table_privilege/plan.json 
@@ -9,16 +9,16 @@ { "steps": [ { - "sql": "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO PUBLIC;", + "sql": "ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT SELECT ON TABLES TO PUBLIC;", "type": "default_privilege", "operation": "create", - "path": "default_privileges.TABLES.PUBLIC" + "path": "default_privileges.testuser.TABLES.PUBLIC" }, { - "sql": "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user;", + "sql": "ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user;", "type": "default_privilege", "operation": "create", - "path": "default_privileges.TABLES.app_user" + "path": "default_privileges.testuser.TABLES.app_user" } ] } diff --git a/testdata/diff/default_privilege/add_table_privilege/plan.sql b/testdata/diff/default_privilege/add_table_privilege/plan.sql index ea1cc979..edc6c324 100644 --- a/testdata/diff/default_privilege/add_table_privilege/plan.sql +++ b/testdata/diff/default_privilege/add_table_privilege/plan.sql @@ -1,3 +1,3 @@ -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO PUBLIC; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT SELECT ON TABLES TO PUBLIC; -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user; diff --git a/testdata/diff/default_privilege/add_table_privilege/plan.txt b/testdata/diff/default_privilege/add_table_privilege/plan.txt index ebc05f17..37c672b1 100644 --- a/testdata/diff/default_privilege/add_table_privilege/plan.txt +++ b/testdata/diff/default_privilege/add_table_privilege/plan.txt 
@@ -10,6 +10,6 @@ Default privileges: DDL to be executed: -------------------------------------------------- -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO PUBLIC; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT SELECT ON TABLES TO PUBLIC; -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user; diff --git a/testdata/diff/default_privilege/add_type_privilege/diff.sql b/testdata/diff/default_privilege/add_type_privilege/diff.sql index 6d2068f5..3183698d 100644 --- a/testdata/diff/default_privilege/add_type_privilege/diff.sql +++ b/testdata/diff/default_privilege/add_type_privilege/diff.sql @@ -1 +1 @@ -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE ON TYPES TO app_user; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT USAGE ON TYPES TO app_user; diff --git a/testdata/diff/default_privilege/add_type_privilege/plan.json b/testdata/diff/default_privilege/add_type_privilege/plan.json index a387171a..8744bdfe 100644 --- a/testdata/diff/default_privilege/add_type_privilege/plan.json +++ b/testdata/diff/default_privilege/add_type_privilege/plan.json @@ -9,10 +9,10 @@ { "steps": [ { - "sql": "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE ON TYPES TO app_user;", + "sql": "ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT USAGE ON TYPES TO app_user;", "type": "default_privilege", "operation": "create", - "path": "default_privileges.TYPES.app_user" + "path": "default_privileges.testuser.TYPES.app_user" } ] } diff --git a/testdata/diff/default_privilege/add_type_privilege/plan.sql b/testdata/diff/default_privilege/add_type_privilege/plan.sql index 6d2068f5..3183698d 100644 --- a/testdata/diff/default_privilege/add_type_privilege/plan.sql +++ b/testdata/diff/default_privilege/add_type_privilege/plan.sql 
@@ -1 +1 @@ -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE ON TYPES TO app_user; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT USAGE ON TYPES TO app_user; diff --git a/testdata/diff/default_privilege/add_type_privilege/plan.txt b/testdata/diff/default_privilege/add_type_privilege/plan.txt index 6badcaec..6e578022 100644 --- a/testdata/diff/default_privilege/add_type_privilege/plan.txt +++ b/testdata/diff/default_privilege/add_type_privilege/plan.txt @@ -9,4 +9,4 @@ Default privileges: DDL to be executed: -------------------------------------------------- -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE ON TYPES TO app_user; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT USAGE ON TYPES TO app_user; diff --git a/testdata/diff/default_privilege/alter_privilege/diff.sql b/testdata/diff/default_privilege/alter_privilege/diff.sql index 652a2626..6f407259 100644 --- a/testdata/diff/default_privilege/alter_privilege/diff.sql +++ b/testdata/diff/default_privilege/alter_privilege/diff.sql @@ -1,3 +1,3 @@ -ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE USAGE ON SEQUENCES FROM app_user; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public REVOKE USAGE ON SEQUENCES FROM app_user; -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user; diff --git a/testdata/diff/default_privilege/alter_privilege/plan.json b/testdata/diff/default_privilege/alter_privilege/plan.json index 2e0cc4a2..b0561e78 100644 --- a/testdata/diff/default_privilege/alter_privilege/plan.json +++ b/testdata/diff/default_privilege/alter_privilege/plan.json 
@@ -3,22 +3,22 @@ "pgschema_version": "1.6.0", "created_at": "1970-01-01T00:00:00Z", "source_fingerprint": { - "hash": "b20bb5302b7aedc8845129aab4ae49580d1b782b598c728ef14fb40cbbe086d2" + "hash": "e8f50b636ad809e723b6c4911b9af2cc6a9b55b2f63ef598aeeee7ba4dcc7167" }, "groups": [ { "steps": [ { - "sql": "ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE USAGE ON SEQUENCES FROM app_user;", + "sql": "ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public REVOKE USAGE ON SEQUENCES FROM app_user;", "type": "default_privilege", "operation": "drop", - "path": "default_privileges.SEQUENCES.app_user" + "path": "default_privileges.testuser.SEQUENCES.app_user" }, { - "sql": "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user;", + "sql": "ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user;", "type": "default_privilege", "operation": "alter", - "path": "default_privileges.TABLES.app_user" + "path": "default_privileges.testuser.TABLES.app_user" } ] } diff --git a/testdata/diff/default_privilege/alter_privilege/plan.sql b/testdata/diff/default_privilege/alter_privilege/plan.sql index 652a2626..6f407259 100644 --- a/testdata/diff/default_privilege/alter_privilege/plan.sql +++ b/testdata/diff/default_privilege/alter_privilege/plan.sql @@ -1,3 +1,3 @@ -ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE USAGE ON SEQUENCES FROM app_user; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public REVOKE USAGE ON SEQUENCES FROM app_user; -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user; diff --git a/testdata/diff/default_privilege/alter_privilege/plan.txt b/testdata/diff/default_privilege/alter_privilege/plan.txt index 3e476230..3b041fc0 100644 --- a/testdata/diff/default_privilege/alter_privilege/plan.txt 
+++ b/testdata/diff/default_privilege/alter_privilege/plan.txt @@ -10,6 +10,6 @@ Default privileges: DDL to be executed: -------------------------------------------------- -ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE USAGE ON SEQUENCES FROM app_user; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public REVOKE USAGE ON SEQUENCES FROM app_user; -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user; diff --git a/testdata/diff/default_privilege/alter_privilege_and_grant_option/diff.sql b/testdata/diff/default_privilege/alter_privilege_and_grant_option/diff.sql index 2dc364c1..858cc4b1 100644 --- a/testdata/diff/default_privilege/alter_privilege_and_grant_option/diff.sql +++ b/testdata/diff/default_privilege/alter_privilege_and_grant_option/diff.sql @@ -1,5 +1,5 @@ -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user WITH GRANT OPTION; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user WITH GRANT OPTION; -ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE SELECT ON TABLES FROM app_user; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public REVOKE SELECT ON TABLES FROM app_user; -ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO app_user WITH GRANT OPTION; +ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT SELECT ON TABLES TO app_user WITH GRANT OPTION; diff --git a/testdata/diff/default_privilege/alter_privilege_and_grant_option/plan.json b/testdata/diff/default_privilege/alter_privilege_and_grant_option/plan.json index 59542f77..5f6b1a31 100644 --- a/testdata/diff/default_privilege/alter_privilege_and_grant_option/plan.json +++ b/testdata/diff/default_privilege/alter_privilege_and_grant_option/plan.json 
@@ -3,28 +3,28 @@ "pgschema_version": "1.6.0", "created_at": "1970-01-01T00:00:00Z", "source_fingerprint": { - "hash": "322eb4edb321a94ee411ad523ff4c646892bd226d9d35fc08402de56707f127f" + "hash": "eecde391d3d75636f96f2f70fea8e5deb5804fd90aaa1c04be028b573c7ca11b" }, "groups": [ { "steps": [ { - "sql": "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user WITH GRANT OPTION;", + "sql": "ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user WITH GRANT OPTION;", "type": "default_privilege", "operation": "alter", - "path": "default_privileges.TABLES.app_user" + "path": "default_privileges.testuser.TABLES.app_user" }, { - "sql": "ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE SELECT ON TABLES FROM app_user;", + "sql": "ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public REVOKE SELECT ON TABLES FROM app_user;", "type": "default_privilege", "operation": "alter", - "path": "default_privileges.TABLES.app_user" + "path": "default_privileges.testuser.TABLES.app_user" }, { - "sql": "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO app_user WITH GRANT OPTION;", + "sql": "ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT SELECT ON TABLES TO app_user WITH GRANT OPTION;", "type": "default_privilege", "operation": "alter", - "path": "default_privileges.TABLES.app_user" + "path": "default_privileges.testuser.TABLES.app_user" } ] } diff --git a/testdata/diff/default_privilege/alter_privilege_and_grant_option/plan.sql b/testdata/diff/default_privilege/alter_privilege_and_grant_option/plan.sql index 2dc364c1..858cc4b1 100644 --- a/testdata/diff/default_privilege/alter_privilege_and_grant_option/plan.sql +++ b/testdata/diff/default_privilege/alter_privilege_and_grant_option/plan.sql 
@@ -1,5 +1,5 @@
-ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user WITH GRANT OPTION;
+ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user WITH GRANT OPTION;
-ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE SELECT ON TABLES FROM app_user;
+ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public REVOKE SELECT ON TABLES FROM app_user;
-ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO app_user WITH GRANT OPTION;
+ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT SELECT ON TABLES TO app_user WITH GRANT OPTION;
diff --git a/testdata/diff/default_privilege/alter_privilege_and_grant_option/plan.txt b/testdata/diff/default_privilege/alter_privilege_and_grant_option/plan.txt
index 81e1cf6c..532ac8e0 100644
--- a/testdata/diff/default_privilege/alter_privilege_and_grant_option/plan.txt
+++ b/testdata/diff/default_privilege/alter_privilege_and_grant_option/plan.txt
@@ -11,8 +11,8 @@ Default privileges:
 DDL to be executed:
 --------------------------------------------------
-ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user WITH GRANT OPTION;
+ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT INSERT, UPDATE ON TABLES TO app_user WITH GRANT OPTION;
-ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE SELECT ON TABLES FROM app_user;
+ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public REVOKE SELECT ON TABLES FROM app_user;
-ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO app_user WITH GRANT OPTION;
+ALTER DEFAULT PRIVILEGES FOR ROLE testuser IN SCHEMA public GRANT SELECT ON TABLES TO app_user WITH GRANT OPTION;
diff --git a/testdata/diff/default_privilege/drop_privilege/diff.sql b/testdata/diff/default_privilege/drop_privilege/diff.sql
index e843a2b9..054e4b79 100644
--- a/testdata/diff/default_privilege/drop_privilege/diff.sql
+++ b/testdata/diff/default_privilege/drop_privilege/diff.sql
@@ -1,3 +1,3 @@
-ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE DELETE, INSERT, UPDATE ON TABLES FROM app_user;
+ALTER DEFAULT PRIVILEGES FOR ROLE test_admin IN SCHEMA public REVOKE DELETE, INSERT, UPDATE ON TABLES FROM app_user;
-ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE SELECT ON TABLES FROM readonly_user;
+ALTER DEFAULT PRIVILEGES FOR ROLE test_admin IN SCHEMA public REVOKE SELECT ON TABLES FROM readonly_user;
diff --git a/testdata/diff/default_privilege/drop_privilege/new.sql b/testdata/diff/default_privilege/drop_privilege/new.sql
index 11e96983..fdc4c118 100644
--- a/testdata/diff/default_privilege/drop_privilege/new.sql
+++ b/testdata/diff/default_privilege/drop_privilege/new.sql
@@ -1,6 +1,9 @@
 -- Create roles for testing
 DO $$
 BEGIN
+ IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'test_admin') THEN
+ CREATE ROLE test_admin;
+ END IF;
 IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'readonly_user') THEN
 CREATE ROLE readonly_user;
 END IF;
@@ -9,4 +12,10 @@ BEGIN
 END IF;
 END $$;
+-- Grant membership so current user can set role (works with both testuser and postgres)
+DO $$
+BEGIN
+ EXECUTE format('GRANT test_admin TO %I', current_user);
+END $$;
+
 -- Remove all default privileges
diff --git a/testdata/diff/default_privilege/drop_privilege/old.sql b/testdata/diff/default_privilege/drop_privilege/old.sql
index a122e565..891755e9 100644
--- a/testdata/diff/default_privilege/drop_privilege/old.sql
+++ b/testdata/diff/default_privilege/drop_privilege/old.sql
@@ -1,6 +1,9 @@
 -- Create roles for testing
 DO $$
 BEGIN
+ IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'test_admin') THEN
+ CREATE ROLE test_admin;
+ END IF;
 IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'readonly_user') THEN
 CREATE ROLE readonly_user;
 END IF;
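Review bot: The `EXECUTE format('GRANT test_admin TO %I', current_user);` block added at the end of drop_privilege/new.sql leaves a cluster-wide side effect that the fixture never undoes. PostgreSQL roles and role memberships are not scoped to a database, so `test_admin` and the connecting role's membership in it outlive the test database. The same block is added in the second hunk of drop_privilege/old.sql. If these fixtures can run against a shared or long-lived server, state that next to the grant, e.g. `-- NOTE: roles and memberships are cluster-wide; this grant persists after the test database is dropped`, or have the harness revoke the membership and drop the role on teardown. The GRANT may also fail when `test_admin` already exists (the `IF NOT EXISTS` guard in the first hunk allows that) and the connecting role has no admin rights on it.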
@@ -9,6 +12,14 @@ BEGIN
 END IF;
 END $$;
--- Default privileges configured
+-- Grant membership so current user can set role (works with both testuser and postgres)
+DO $$
+BEGIN
+ EXECUTE format('GRANT test_admin TO %I', current_user);
+END $$;
+
+-- Create default privileges AS test_admin (cross-role scenario)
+SET ROLE test_admin;
 ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readonly_user;
 ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT INSERT, UPDATE, DELETE ON TABLES TO app_user;
+RESET ROLE;
diff --git a/testdata/diff/default_privilege/drop_privilege/plan.json b/testdata/diff/default_privilege/drop_privilege/plan.json
index b0c49e80..ecf30174 100644
--- a/testdata/diff/default_privilege/drop_privilege/plan.json
+++ b/testdata/diff/default_privilege/drop_privilege/plan.json
@@ -3,22 +3,22 @@
 "pgschema_version": "1.6.0",
 "created_at": "1970-01-01T00:00:00Z",
 "source_fingerprint": {
- "hash": "b021448244eec7bd9b054c089ed49d612e39fe7517c356b0c220136059a36043"
+ "hash": "70ccd3a27b733e69da2235e2c444cd4c6b327eb2e75b4df82d4b8096f7b79194"
 },
 "groups": [
 {
 "steps": [
 {
- "sql": "ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE DELETE, INSERT, UPDATE ON TABLES FROM app_user;",
+ "sql": "ALTER DEFAULT PRIVILEGES FOR ROLE test_admin IN SCHEMA public REVOKE DELETE, INSERT, UPDATE ON TABLES FROM app_user;",
 "type": "default_privilege",
 "operation": "drop",
- "path": "default_privileges.TABLES.app_user"
+ "path": "default_privileges.test_admin.TABLES.app_user"
 },
 {
- "sql": "ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE SELECT ON TABLES FROM readonly_user;",
+ "sql": "ALTER DEFAULT PRIVILEGES FOR ROLE test_admin IN SCHEMA public REVOKE SELECT ON TABLES FROM readonly_user;",
 "type": "default_privilege",
 "operation": "drop",
- "path": "default_privileges.TABLES.readonly_user"
+ "path": "default_privileges.test_admin.TABLES.readonly_user"
 }
 ]
 }
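Review bot: Only the drop fixture pins the owning role. The `SET ROLE test_admin; … RESET ROLE;` wrapper added in the second hunk of drop_privilege/old.sql fixes the owner there, but the alter_privilege and alter_privilege_and_grant_option expected outputs updated in this commit contain `FOR ROLE testuser`, which looks like whichever role the harness connects as. Since the comment in this hunk says the fixture must work with both testuser and postgres, those golden files would presumably differ when the suite runs as another role. Applying the same SET ROLE pattern to the alter fixtures would make the expected owner independent of the connection. It would also give the alter path a case where the owner is not the connecting role, which in the fixtures visible here only the drop path has.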
diff --git a/testdata/diff/default_privilege/drop_privilege/plan.sql b/testdata/diff/default_privilege/drop_privilege/plan.sql
index e843a2b9..054e4b79 100644
--- a/testdata/diff/default_privilege/drop_privilege/plan.sql
+++ b/testdata/diff/default_privilege/drop_privilege/plan.sql
@@ -1,3 +1,3 @@
-ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE DELETE, INSERT, UPDATE ON TABLES FROM app_user;
+ALTER DEFAULT PRIVILEGES FOR ROLE test_admin IN SCHEMA public REVOKE DELETE, INSERT, UPDATE ON TABLES FROM app_user;
-ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE SELECT ON TABLES FROM readonly_user;
+ALTER DEFAULT PRIVILEGES FOR ROLE test_admin IN SCHEMA public REVOKE SELECT ON TABLES FROM readonly_user;
diff --git a/testdata/diff/default_privilege/drop_privilege/plan.txt b/testdata/diff/default_privilege/drop_privilege/plan.txt
index d1a66234..e2dd4155 100644
--- a/testdata/diff/default_privilege/drop_privilege/plan.txt
+++ b/testdata/diff/default_privilege/drop_privilege/plan.txt
@@ -10,6 +10,6 @@ Default privileges:
 DDL to be executed:
 --------------------------------------------------
-ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE DELETE, INSERT, UPDATE ON TABLES FROM app_user;
+ALTER DEFAULT PRIVILEGES FOR ROLE test_admin IN SCHEMA public REVOKE DELETE, INSERT, UPDATE ON TABLES FROM app_user;
-ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE SELECT ON TABLES FROM readonly_user;
+ALTER DEFAULT PRIVILEGES FOR ROLE test_admin IN SCHEMA public REVOKE SELECT ON TABLES FROM readonly_user;