statement ok
CREATE DATABASE d;
GRANT CREATE ON DATABASE d TO testuser

# By default, testuser should have ALL privileges on a sequences it creates.
user testuser

statement ok
USE d;

statement ok
CREATE SEQUENCE testuser_s;

query TTTTTB colnames,rowsort
SHOW GRANTS ON testuser_s;
----
database_name  schema_name  table_name  grantee   privilege_type  is_grantable
d              public       testuser_s  admin     ALL             true
d              public       testuser_s  root      ALL             true
d              public       testuser_s  testuser  ALL             true

statement ok
ALTER DEFAULT PRIVILEGES REVOKE ALL ON SEQUENCES FROM testuser;
ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON SEQUENCES FROM testuser;

statement ok
CREATE SEQUENCE testuser_s2;

# Note that CREATE is still present for testuser due to our current inheritance
# behavior.
# TODO(richardjcai): Remove this when we remove our current inheritance logic.
query TTTTTB colnames,rowsort
SHOW GRANTS ON testuser_s2
----
database_name  schema_name  table_name   grantee   privilege_type  is_grantable
d              public       testuser_s2  admin     ALL             true
d              public       testuser_s2  root      ALL             true
d              public       testuser_s2  testuser  ALL             true

user root

statement ok
USE test;

statement ok
CREATE USER testuser2

statement ok
ALTER DEFAULT PRIVILEGES GRANT ALL ON SEQUENCES TO testuser, testuser2

statement ok
CREATE SEQUENCE s

query TTTTTB colnames,rowsort
SHOW GRANTS ON s
----
database_name  schema_name  table_name  grantee    privilege_type  is_grantable
test           public       s           admin      ALL             true
test           public       s           root       ALL             true
test           public       s           testuser   ALL             false
test           public       s           testuser2  ALL             false

# Sequence DEFAULT PRIVILEGES should be separate from tables.
statement ok
CREATE TABLE t()

query TTTTTB colnames,rowsort
SHOW GRANTS ON t
----
database_name  schema_name  table_name  grantee  privilege_type  is_grantable
test           public       t           admin    ALL             true
test           public       t           root     ALL             true


statement ok
ALTER DEFAULT PRIVILEGES REVOKE SELECT ON SEQUENCES FROM testuser, testuser2

statement ok
CREATE SEQUENCE s2

query TTTTTB colnames,rowsort
SHOW GRANTS ON s2
----
database_name  schema_name  table_name  grantee    privilege_type  is_grantable
test           public       s2          admin      ALL             true
test           public       s2          root       ALL             true
test           public       s2          testuser   CHANGEFEED      false
test           public       s2          testuser   CREATE          false
test           public       s2          testuser   DELETE          false
test           public       s2          testuser   DROP            false
test           public       s2          testuser   INSERT          false
test           public       s2          testuser   UPDATE          false
test           public       s2          testuser   USAGE           false
test           public       s2          testuser   ZONECONFIG      false
test           public       s2          testuser2  CHANGEFEED      false
test           public       s2          testuser2  CREATE          false
test           public       s2          testuser2  DELETE          false
test           public       s2          testuser2  DROP            false
test           public       s2          testuser2  INSERT          false
test           public       s2          testuser2  UPDATE          false
test           public       s2          testuser2  USAGE           false
test           public       s2          testuser2  ZONECONFIG      false

statement ok
ALTER DEFAULT PRIVILEGES REVOKE ALL ON SEQUENCES FROM testuser, testuser2

statement ok
CREATE SEQUENCE s3

query TTTTTB colnames,rowsort
SHOW GRANTS ON s3
----
database_name  schema_name  table_name  grantee  privilege_type  is_grantable
test           public       s3          admin    ALL             true
test           public       s3          root     ALL             true

statement ok
GRANT CREATE ON DATABASE d TO testuser

user testuser
statement ok
USE d

statement ok
ALTER DEFAULT PRIVILEGES FOR ROLE testuser REVOKE ALL ON SEQUENCES FROM testuser, testuser2

statement ok
CREATE SEQUENCE s4

# testuser still has CREATE due to "inheriting" it from the parent database.
query TTTTTB colnames,rowsort
SHOW GRANTS ON s4
----
database_name  schema_name  table_name  grantee   privilege_type  is_grantable
d              public       s4          admin     ALL             true
d              public       s4          root      ALL             true
d              public       s4          testuser  ALL             true

user root
statement ok
USE d

statement ok
ALTER DEFAULT PRIVILEGES FOR ROLE testuser REVOKE ALL ON SEQUENCES FROM testuser, testuser2

user testuser
statement ok
USE d

statement ok
CREATE SEQUENCE s5

# testuser still has CREATE due to "inheriting" it from the parent database.
query TTTTTB colnames,rowsort
SHOW GRANTS ON s5
----
database_name  schema_name  table_name  grantee   privilege_type  is_grantable
d              public       s5          admin     ALL             true
d              public       s5          root      ALL             true
d              public       s5          testuser  ALL             true
