This topic describes an issue with object ownership for PostgreSQL when you use VMware Tanzu Service Broker for AWS.
When a developer binds a PostgreSQL service instance to an application, the broker creates a distinct role with unique credentials. The broker ensures that all the distinct roles are members of a group named binding_group
.
Members of this group have full privileges to objects created by other members. However, this does not include the ability to DROP
or ALTER
objects.
For more information about defining access privileges, see GRANT in the PostgreSQL documentation.
So that members of binding_group
can ALTER
or DROP
an object, you must assign the group’s role before creating an object.
To do this, do the following:
Set your role to binding_group
:
For example:
# SET ROLE binding_group;
Create the object:
For example:
\# CREATE TABLE data
After this is complete, you can continue with your actions to modify the object.
For more information about setting the current user identifier of the current session, see SET ROLE in the PostgreSQL documentation.