statement ok
ALTER DEFAULT PRIVILEGES FOR ALL ROLES GRANT SELECT ON TABLES TO testuser

statement ok
CREATE TABLE t()

query TTTTTB colnames,rowsort
SHOW GRANTS ON t
----
database_name  schema_name  table_name  grantee   privilege_type  is_grantable
test           public       t           admin     ALL             true
test           public       t           root      ALL             true
test           public       t           testuser  SELECT          false

statement ok
ALTER DEFAULT PRIVILEGES GRANT CREATE ON TABLES TO testuser

statement ok
CREATE TABLE t2()

# Taking the union of default privileges defined on ALL ROLES and testuser
# testuser should have CREATE and SELECT on the table.
query TTTTTB colnames,rowsort
SHOW GRANTS ON t2
----
database_name  schema_name  table_name  grantee   privilege_type  is_grantable
test           public       t2          admin     ALL             true
test           public       t2          root      ALL             true
test           public       t2          testuser  CREATE          false
test           public       t2          testuser  SELECT          false

statement ok
ALTER DEFAULT PRIVILEGES FOR ALL ROLES REVOKE SELECT ON TABLES FROM testuser

statement ok
CREATE TABLE t3()

query TTTTTB colnames,rowsort
SHOW GRANTS ON t3
----
database_name  schema_name  table_name  grantee   privilege_type  is_grantable
test           public       t3          admin     ALL             true
test           public       t3          root      ALL             true
test           public       t3          testuser  CREATE          false

statement ok
ALTER DEFAULT PRIVILEGES FOR ALL ROLES GRANT CREATE ON TABLES TO testuser

statement ok
CREATE TABLE t4()

# CREATE is defined as a default privilege when the table is created by
# ALL ROLES and root.
query TTTTTB colnames,rowsort
SHOW GRANTS ON t4
----
database_name  schema_name  table_name  grantee   privilege_type  is_grantable
test           public       t4          admin     ALL             true
test           public       t4          root      ALL             true
test           public       t4          testuser  CREATE          false

statement ok
CREATE USER testuser2

statement ok
ALTER DEFAULT PRIVILEGES FOR ALL ROLES GRANT CREATE ON TABLES TO testuser, testuser2

statement ok
CREATE TABLE t5()

query TTTTTB colnames,rowsort
SHOW GRANTS ON t5
----
database_name  schema_name  table_name  grantee    privilege_type  is_grantable
test           public       t5          admin      ALL             true
test           public       t5          root       ALL             true
test           public       t5          testuser   CREATE          false
test           public       t5          testuser2  CREATE          false

statement ok
ALTER DEFAULT PRIVILEGES FOR ALL ROLES GRANT ALL ON TABLES TO testuser, testuser2

statement ok
CREATE TABLE t6()

query TTTTTB colnames,rowsort
SHOW GRANTS ON t6
----
database_name  schema_name  table_name  grantee    privilege_type  is_grantable
test           public       t6          admin      ALL             true
test           public       t6          root       ALL             true
test           public       t6          testuser   ALL             false
test           public       t6          testuser2  ALL             false

# Revoking from the target role should not affect the default privileges
# defined on ALL ROLES.
statement ok
ALTER DEFAULT PRIVILEGES REVOKE ALL ON TABLES FROM testuser, testuser2

statement ok
CREATE TABLE t7()

query TTTTTB colnames,rowsort
SHOW GRANTS ON t7
----
database_name  schema_name  table_name  grantee    privilege_type  is_grantable
test           public       t7          admin      ALL             true
test           public       t7          root       ALL             true
test           public       t7          testuser   ALL             false
test           public       t7          testuser2  ALL             false

user testuser

# Must be an admin to alter default privileges for all roles.
statement error pq: only users with the admin role are allowed to ALTER DEFAULT PRIVILEGES FOR ALL ROLES
ALTER DEFAULT PRIVILEGES FOR ALL ROLES GRANT SELECT ON TABLES TO testuser

user root

# Ensure default privileges can be defined for all roles on schemas, types
# and sequences.
statement ok
ALTER DEFAULT PRIVILEGES FOR ALL ROLES GRANT ALL ON SEQUENCES TO testuser, testuser2;
ALTER DEFAULT PRIVILEGES FOR ALL ROLES GRANT ALL ON SCHEMAS TO testuser, testuser2;
ALTER DEFAULT PRIVILEGES FOR ALL ROLES GRANT ALL ON TYPES TO testuser, testuser2;

statement ok
CREATE SCHEMA s

query TTTTB colnames,rowsort
SHOW GRANTS ON SCHEMA s
----
database_name  schema_name  grantee    privilege_type  is_grantable
test           s            admin      ALL             true
test           s            root       ALL             true
test           s            testuser   ALL             false
test           s            testuser2  ALL             false

statement ok
CREATE SEQUENCE seq

query TTTTTB colnames,rowsort
SHOW GRANTS ON seq
----
database_name  schema_name  table_name  grantee    privilege_type  is_grantable
test           public       seq         admin      ALL             true
test           public       seq         root       ALL             true
test           public       seq         testuser   ALL             false
test           public       seq         testuser2  ALL             false

statement ok
CREATE TYPE typ AS ENUM()

query TTTTTB colnames,rowsort
SHOW GRANTS ON TYPE typ
----
database_name  schema_name  type_name  grantee    privilege_type  is_grantable
test           public       typ        admin      ALL             true
test           public       typ        public     USAGE           false
test           public       typ        root       ALL             true
test           public       typ        testuser   ALL             false
test           public       typ        testuser2  ALL             false
