This topic describes an issue with object ownership for PostgreSQL when you use VMware Tanzu Service Broker for AWS.


When a developer binds a PostgreSQL service instance to an application, the broker creates a distinct role with unique credentials. The broker ensures that all the distinct roles are members of a group named binding_group.

Members of this group have full privileges to objects created by other members. However, this does not include the ability to DROP or ALTER objects.

For more information about defining access privileges, see GRANT in the PostgreSQL documentation.

Create an Object using the binding_group Role

So that members of binding_group can ALTER or DROP an object, you must assign the group’s role before creating an object.

To do this, do the following:

  1. Set your role to binding_group:

    For example:

    # SET ROLE binding_group;
  2. Create the object:

    For example:

    \# CREATE TABLE data

After this is done, you can continue with your actions to modify the object.

For more information about setting the current user identifier of the current session, see SET ROLE in the PostgreSQL documentation.

check-circle-line exclamation-circle-line close-line
Scroll to top icon