In Redshift I have a data_reader db group defined like this
CREATE GROUP data_reader;
GRANT USAGE ON SCHEMA reports TO GROUP data_reader;
GRANT SELECT ON ALL TABLES IN SCHEMA reports TO GROUP data_reader;
And I've noticed that whenever I create a new table, group members can't automatically query from the table. They get a Permission Denied error. Re-running
GRANT SELECT ON ALL TABLES IN SCHEMA reports TO GROUP data_reader;
Fixes the permission.
Is this just a quirk of Redshift or is there another way I should be defining my db groups?
This statement grants access only to already created tables:
GRANT SELECT ON ALL TABLES IN SCHEMA reports TO GROUP data_reader;
In order to grant access by default, you must setup default privileges:
GRANT USAGE ON SCHEMA reports TO group data_reader; --Most probably already granted
ALTER DEFAULT PRIVILEGES IN SCHEMA reports GRANT SELECT ON TABLES to group data_reader;
Now all new created tables will be granted to group for select.