We Keep Coding

PostgreSQL: roles can only access tables they've created

I have a postgresql (v10) database. I've created database tn_beta_db with schema tn_schema. I've created three users and executed the following, which is meant to grant all of them read and maybe modify access on all tables, current and future that tn_beta_migrator might create.
\c tn_beta_db
-- User tn_beta_reader --
ALTER DEFAULT PRIVILEGES IN SCHEMA tn_schema FOR ROLE tn_beta_reader GRANT SELECT ON TABLES TO tn_beta_reader;
GRANT CONNECT ON DATABASE tn_beta_db TO tn_beta_reader;
GRANT USAGE ON SCHEMA tn_schema TO tn_beta_reader;
GRANT SELECT ON ALL TABLES IN SCHEMA tn_schema TO tn_beta_reader;
-- User tn_beta_migrator --
ALTER DEFAULT PRIVILEGES IN SCHEMA tn_schema FOR ROLE tn_beta_migrator GRANT ALL ON TABLES TO tn_beta_migrator;
GRANT CONNECT ON DATABASE tn_beta_db TO tn_beta_migrator;
GRANT USAGE ON SCHEMA tn_schema TO tn_beta_migrator;
GRANT ALL ON ALL TABLES IN SCHEMA tn_schema TO tn_beta_migrator;
GRANT CREATE ON SCHEMA tn_schema TO tn_beta_migrator;
-- User tn_beta_writer --
ALTER DEFAULT PRIVILEGES IN SCHEMA tn_schema FOR ROLE tn_beta_writer GRANT SELECT,INSERT,DELETE,UPDATE ON TABLES TO tn_beta_writer;
GRANT CONNECT ON DATABASE tn_beta_db TO tn_beta_writer;
GRANT USAGE ON SCHEMA tn_schema TO tn_beta_writer;
GRANT SELECT,INSERT,DELETE,UPDATE ON ALL TABLES IN SCHEMA tn_schema TO tn_beta_writer;
If I now connect as tn_beta_migrator, I can create a table and do things with it.
create table tn_schema.foo(x int);
-- and then INSERT, SELECT, UPDATE, even DROP
But now if I connect as either of tn_beta_reader or tn_beta_writer, I can not use that table.
tn_beta_db=> select * from tn_schema.foo ;
ERROR: permission denied for relation foo
tn_beta_db=>
I would expect to be able to read/write/modify/delete as tn_beta_writer and to be able to read as tn_beta_reader.
If I rerun the grant script, above, this permits me to access foo, but a newly created table bar would then be inaccessible.
I'd thought that the alter default privileges commands would permit these roles, in the future, to access the tables created by tn_beta_migrator.
Any pointers on what I've misunderstood?

The role in the FOR ROLE clause in ALTER DEFAULT PRIVILEGES is not the role that will get the privileges, it is the role that creates the tables.
So your statements should start with
ALTER DEFAULT PRIVILEGES FOR ROLE tn_beta_migrator ...

Postgres grant privileges issue

I have to create one database[myDB] and one custom schema[mySchema] not the public one.
Where did I go wrong:
I created 3 users: user_admin, user_rw, user_ro, which will be given access alter.
Now, I login with my super user: postgres [I am using postgres 11 on GCP] through cloud shell.
Created the my database: myDB, I went into myDB. And i fired below commands for all 3 users access.
# for admin user
GRANT CONNECT ON DATABASE myDB TO user-admin;
GRANT USAGE ON SCHEMA mySchema TO user-admin ;
GRANT ALL PRIVILEGES ON SCHEMA mySchema TO user-admin ;
GRANT ALL ON ALL TABLES IN SCHEMA mySchema TO user-admin ;
GRANT ALL ON ALL SEQUENCES IN SCHEMA mySchema TO user-admin ;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA mySchema TO user-admin ;
ALTER DEFAULT PRIVILEGES IN SCHEMA mySchema GRANT ALL PRIVILEGES ON TABLES TO user-admin;
# for read write user
GRANT CONNECT ON DATABASE myDB TO user-rw;
GRANT USAGE ON SCHEMA mySchema TO user-rw ;
GRANT SELECT,INSERT,UPDATE ON ALL TABLES IN SCHEMA mySchema TO user-rw ;
GRANT SELECT,UPDATE ON ALL SEQUENCES IN SCHEMA mySchema TO user-rw ;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA mySchema TO user-rw ;
ALTER DEFAULT PRIVILEGES IN SCHEMA mySchema GRANT SELECT,INSERT,UPDATE ON TABLES TO user-rw;
# for read only user
GRANT CONNECT ON DATABASE myDB TO user-ro;
GRANT USAGE ON SCHEMA mySchema TO user-ro ;
GRANT SELECT ON ALL TABLES IN SCHEMA mySchema TO user-ro ;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA mySchema TO user-ro ;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA mySchema TO user-ro ;
ALTER DEFAULT PRIVILEGES IN SCHEMA mySchema GRANT SELECT ON TABLES TO user-ro;
Till this point i did not have any issue.
I created the table in mySchema with the help of user-admin, this would work like this in future as well.
And rest two users will use just for read and another for read write.
The problem is I can not able to see the created table from other users included postgres, user-rw, user-ro but only owner which was user-admin is having access to do all the operations like create and drop.
Also, after creating the table from admin user, when i rerun below command, it gives me permission denied.
GRANT SELECT,INSERT,UPDATE ON ALL TABLES IN SCHEMA mySchema TO user-rw ;
Please let me know what i am doing wrong.

GRANT SELECT,INSERT,UPDATE ON ALL TABLES IN SCHEMA mySchema TO user-rw ;
VS
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT SELECT,INSERT,UPDATE ON ALL TABLES IN SCHEMA mySchema TO user-rw ;
first option gives privileges to exist tables, the second option give you permission to exist ones and the new ones that i will be created in the future,
but he best approach is not apply this permissions direct to the user, create a group and grant the permissions there and assign the group to the user, the reason if you want to drop the user first u need to drop all the privileges created and after u can drop the user.
Also, after creating the table from admin user, when i rerun below
command, it gives me permission denied.
GRANT SELECT,INSERT,UPDATE ON ALL TABLES IN SCHEMA mySchema TO user-rw
;
about this part make sure u are using the admin to give permission.

Postgres: Permission denied for schema even though grants were given

I am running Postgres 10.4 and am currently baffled since I can't seem to grant access to a schema to another role.
What I want to do:
I have one role with one schema and want to access the schema and its tables from another role. So I did the usual (what worked with other schemas):
grant usage on schema myschema to newuser;
grant select on all tables in schema myschema to newuser;
Both of those statements were run as the owner of the schema. I didn't run into any errors while doing so.
When I log in as the newuser and try to select some data:
select * from myschema.table;
I get the error:
SQL Error [42501]: ERROR: permission denied for schema myschema
I can see that the newuser has the right privileges in the table "information_schema.role_table_grants"
It also worked with another role and another schema. I'm clueless.

Step 1
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA name_schema TO name_user;
Step 2
GRANT USAGE ON SCHEMA name_schema TO name_user;

It definitely works as posted in my question, the problem was that I didn't user the owner of the schema.
So always make sure you grant access to a schema from the owner role.

Set default ACL for all currently defined roles in Postgres

I would like to set default ACL for all roles (i.e. without using PUBLIC) in PostgreSQL and want to avoid enumerating.
Is there an easy way to do that?

You can do this in the following way:
Grant SELECT privilege to everyone for all tables (and views) you subsequently create in schema myschema:
ALTER DEFAULT PRIVILEGES IN SCHEMA myschema GRANT SELECT ON TABLES TO PUBLIC;
and allow role webuser to INSERT into them too:
ALTER DEFAULT PRIVILEGES IN SCHEMA myschema GRANT INSERT ON TABLES TO webuser;
and to Undo the above:
ALTER DEFAULT PRIVILEGES IN SCHEMA myschema REVOKE SELECT ON TABLES FROM PUBLIC;
ALTER DEFAULT PRIVILEGES IN SCHEMA myschema REVOKE INSERT ON TABLES FROM webuser;
Source
That's it :)

postgres role to access all schema

I am using postgres 9.4 database with many schemas. How can I create a login role that can select table of all table of all schema and also any new schema that we create in the database

To answer your comment I think this statement will work:
ALTER DEFAULT PRIVILEGES
FOR ROLE role_name
IN SCHEMA public
GRANT ALL PRIVILEGES ON TABLES TO role_name;