statement ok
ALTER DEFAULT PRIVILEGES GRANT SELECT ON TABLES TO PUBLIC;
ALTER DEFAULT PRIVILEGES GRANT USAGE ON TYPES TO PUBLIC;
ALTER DEFAULT PRIVILEGES GRANT USAGE ON SCHEMAS TO PUBLIC;
ALTER DEFAULT PRIVILEGES GRANT SELECT ON SEQUENCES TO PUBLIC;

query TTTBTTTB colnames,rowsort
SELECT * FROM crdb_internal.default_privileges
----
database_name  schema_name  role      for_all_roles  object_type  grantee   privilege_type  is_grantable
defaultdb      NULL         admin     false          tables       admin     ALL             true
defaultdb      NULL         admin     false          sequences    admin     ALL             true
defaultdb      NULL         admin     false          types        admin     ALL             true
defaultdb      NULL         admin     false          schemas      admin     ALL             true
defaultdb      NULL         admin     false          routines     admin     ALL             true
defaultdb      NULL         admin     false          types        public    USAGE           false
defaultdb      NULL         admin     false          routines     public    EXECUTE         false
defaultdb      NULL         root      false          tables       root      ALL             true
defaultdb      NULL         root      false          sequences    root      ALL             true
defaultdb      NULL         root      false          types        root      ALL             true
defaultdb      NULL         root      false          schemas      root      ALL             true
defaultdb      NULL         root      false          routines     root      ALL             true
defaultdb      NULL         root      false          types        public    USAGE           false
defaultdb      NULL         root      false          routines     public    EXECUTE         false
defaultdb      NULL         testuser  false          tables       testuser  ALL             true
defaultdb      NULL         testuser  false          sequences    testuser  ALL             true
defaultdb      NULL         testuser  false          types        testuser  ALL             true
defaultdb      NULL         testuser  false          schemas      testuser  ALL             true
defaultdb      NULL         testuser  false          routines     testuser  ALL             true
defaultdb      NULL         testuser  false          types        public    USAGE           false
defaultdb      NULL         testuser  false          routines     public    EXECUTE         false
defaultdb      NULL         NULL      true           types        public    USAGE           false
defaultdb      NULL         NULL      true           routines     public    EXECUTE         false
postgres       NULL         admin     false          tables       admin     ALL             true
postgres       NULL         admin     false          sequences    admin     ALL             true
postgres       NULL         admin     false          types        admin     ALL             true
postgres       NULL         admin     false          schemas      admin     ALL             true
postgres       NULL         admin     false          routines     admin     ALL             true
postgres       NULL         admin     false          types        public    USAGE           false
postgres       NULL         admin     false          routines     public    EXECUTE         false
postgres       NULL         root      false          tables       root      ALL             true
postgres       NULL         root      false          sequences    root      ALL             true
postgres       NULL         root      false          types        root      ALL             true
postgres       NULL         root      false          schemas      root      ALL             true
postgres       NULL         root      false          routines     root      ALL             true
postgres       NULL         root      false          types        public    USAGE           false
postgres       NULL         root      false          routines     public    EXECUTE         false
postgres       NULL         testuser  false          tables       testuser  ALL             true
postgres       NULL         testuser  false          sequences    testuser  ALL             true
postgres       NULL         testuser  false          types        testuser  ALL             true
postgres       NULL         testuser  false          schemas      testuser  ALL             true
postgres       NULL         testuser  false          routines     testuser  ALL             true
postgres       NULL         testuser  false          types        public    USAGE           false
postgres       NULL         testuser  false          routines     public    EXECUTE         false
postgres       NULL         NULL      true           types        public    USAGE           false
postgres       NULL         NULL      true           routines     public    EXECUTE         false
system         NULL         admin     false          tables       admin     ALL             true
system         NULL         admin     false          sequences    admin     ALL             true
system         NULL         admin     false          types        admin     ALL             true
system         NULL         admin     false          schemas      admin     ALL             true
system         NULL         admin     false          routines     admin     ALL             true
system         NULL         admin     false          types        public    USAGE           false
system         NULL         admin     false          routines     public    EXECUTE         false
system         NULL         root      false          tables       root      ALL             true
system         NULL         root      false          sequences    root      ALL             true
system         NULL         root      false          types        root      ALL             true
system         NULL         root      false          schemas      root      ALL             true
system         NULL         root      false          routines     root      ALL             true
system         NULL         root      false          types        public    USAGE           false
system         NULL         root      false          routines     public    EXECUTE         false
system         NULL         testuser  false          tables       testuser  ALL             true
system         NULL         testuser  false          sequences    testuser  ALL             true
system         NULL         testuser  false          types        testuser  ALL             true
system         NULL         testuser  false          schemas      testuser  ALL             true
system         NULL         testuser  false          routines     testuser  ALL             true
system         NULL         testuser  false          types        public    USAGE           false
system         NULL         testuser  false          routines     public    EXECUTE         false
system         NULL         NULL      true           types        public    USAGE           false
system         NULL         NULL      true           routines     public    EXECUTE         false
test           NULL         admin     false          tables       admin     ALL             true
test           NULL         admin     false          sequences    admin     ALL             true
test           NULL         admin     false          types        admin     ALL             true
test           NULL         admin     false          schemas      admin     ALL             true
test           NULL         admin     false          routines     admin     ALL             true
test           NULL         admin     false          types        public    USAGE           false
test           NULL         admin     false          routines     public    EXECUTE         false
test           NULL         root      false          tables       public    SELECT          false
test           NULL         root      false          sequences    public    SELECT          false
test           NULL         root      false          schemas      public    USAGE           false
test           NULL         root      false          tables       root      ALL             true
test           NULL         root      false          sequences    root      ALL             true
test           NULL         root      false          types        root      ALL             true
test           NULL         root      false          schemas      root      ALL             true
test           NULL         root      false          routines     root      ALL             true
test           NULL         root      false          types        public    USAGE           false
test           NULL         root      false          routines     public    EXECUTE         false
test           NULL         testuser  false          tables       testuser  ALL             true
test           NULL         testuser  false          sequences    testuser  ALL             true
test           NULL         testuser  false          types        testuser  ALL             true
test           NULL         testuser  false          schemas      testuser  ALL             true
test           NULL         testuser  false          routines     testuser  ALL             true
test           NULL         testuser  false          types        public    USAGE           false
test           NULL         testuser  false          routines     public    EXECUTE         false
test           NULL         NULL      true           types        public    USAGE           false
test           NULL         NULL      true           routines     public    EXECUTE         false

statement ok
CREATE USER foo

statement ok
CREATE USER bar

statement ok
ALTER DEFAULT PRIVILEGES GRANT ALL ON TABLES TO foo, bar;
ALTER DEFAULT PRIVILEGES GRANT ALL ON TYPES TO foo, bar;
ALTER DEFAULT PRIVILEGES GRANT ALL ON SCHEMAS TO foo, bar;
ALTER DEFAULT PRIVILEGES GRANT ALL ON SEQUENCES TO foo, bar;

query TTTBTTTB colnames,rowsort
SELECT * FROM crdb_internal.default_privileges WHERE grantee='foo' OR grantee='bar'
----
database_name  schema_name  role  for_all_roles  object_type  grantee  privilege_type  is_grantable
defaultdb      NULL         bar   false          tables       bar      ALL             true
defaultdb      NULL         bar   false          sequences    bar      ALL             true
defaultdb      NULL         bar   false          types        bar      ALL             true
defaultdb      NULL         bar   false          schemas      bar      ALL             true
defaultdb      NULL         bar   false          routines     bar      ALL             true
defaultdb      NULL         foo   false          tables       foo      ALL             true
defaultdb      NULL         foo   false          sequences    foo      ALL             true
defaultdb      NULL         foo   false          types        foo      ALL             true
defaultdb      NULL         foo   false          schemas      foo      ALL             true
defaultdb      NULL         foo   false          routines     foo      ALL             true
postgres       NULL         bar   false          tables       bar      ALL             true
postgres       NULL         bar   false          sequences    bar      ALL             true
postgres       NULL         bar   false          types        bar      ALL             true
postgres       NULL         bar   false          schemas      bar      ALL             true
postgres       NULL         bar   false          routines     bar      ALL             true
postgres       NULL         foo   false          tables       foo      ALL             true
postgres       NULL         foo   false          sequences    foo      ALL             true
postgres       NULL         foo   false          types        foo      ALL             true
postgres       NULL         foo   false          schemas      foo      ALL             true
postgres       NULL         foo   false          routines     foo      ALL             true
system         NULL         bar   false          tables       bar      ALL             true
system         NULL         bar   false          sequences    bar      ALL             true
system         NULL         bar   false          types        bar      ALL             true
system         NULL         bar   false          schemas      bar      ALL             true
system         NULL         bar   false          routines     bar      ALL             true
system         NULL         foo   false          tables       foo      ALL             true
system         NULL         foo   false          sequences    foo      ALL             true
system         NULL         foo   false          types        foo      ALL             true
system         NULL         foo   false          schemas      foo      ALL             true
system         NULL         foo   false          routines     foo      ALL             true
test           NULL         bar   false          tables       bar      ALL             true
test           NULL         bar   false          sequences    bar      ALL             true
test           NULL         bar   false          types        bar      ALL             true
test           NULL         bar   false          schemas      bar      ALL             true
test           NULL         bar   false          routines     bar      ALL             true
test           NULL         foo   false          tables       foo      ALL             true
test           NULL         foo   false          sequences    foo      ALL             true
test           NULL         foo   false          types        foo      ALL             true
test           NULL         foo   false          schemas      foo      ALL             true
test           NULL         foo   false          routines     foo      ALL             true
test           NULL         root  false          types        bar      ALL             false
test           NULL         root  false          types        foo      ALL             false
test           NULL         root  false          schemas      bar      ALL             false
test           NULL         root  false          schemas      foo      ALL             false
test           NULL         root  false          tables       bar      ALL             false
test           NULL         root  false          tables       foo      ALL             false
test           NULL         root  false          sequences    bar      ALL             false
test           NULL         root  false          sequences    foo      ALL             false

statement ok
GRANT foo, bar TO root;

statement ok
ALTER DEFAULT PRIVILEGES FOR ROLE foo, bar GRANT ALL ON TABLES TO foo, bar;
ALTER DEFAULT PRIVILEGES FOR ROLE foo, bar GRANT ALL ON TYPES TO foo, bar;
ALTER DEFAULT PRIVILEGES FOR ROLE foo, bar GRANT ALL ON SCHEMAS TO foo, bar;
ALTER DEFAULT PRIVILEGES FOR ROLE foo, bar GRANT ALL ON SEQUENCES TO foo, bar;

query TTTBTTTB colnames,rowsort
SELECT * FROM crdb_internal.default_privileges WHERE role='foo' OR role='bar'
----
database_name  schema_name  role  for_all_roles  object_type  grantee  privilege_type  is_grantable
defaultdb      NULL         bar   false          tables       bar      ALL             true
defaultdb      NULL         bar   false          sequences    bar      ALL             true
defaultdb      NULL         bar   false          types        bar      ALL             true
defaultdb      NULL         bar   false          schemas      bar      ALL             true
defaultdb      NULL         bar   false          routines     bar      ALL             true
defaultdb      NULL         bar   false          types        public   USAGE           false
defaultdb      NULL         bar   false          routines     public   EXECUTE         false
defaultdb      NULL         foo   false          tables       foo      ALL             true
defaultdb      NULL         foo   false          sequences    foo      ALL             true
defaultdb      NULL         foo   false          types        foo      ALL             true
defaultdb      NULL         foo   false          schemas      foo      ALL             true
defaultdb      NULL         foo   false          routines     foo      ALL             true
defaultdb      NULL         foo   false          types        public   USAGE           false
defaultdb      NULL         foo   false          routines     public   EXECUTE         false
postgres       NULL         bar   false          tables       bar      ALL             true
postgres       NULL         bar   false          sequences    bar      ALL             true
postgres       NULL         bar   false          types        bar      ALL             true
postgres       NULL         bar   false          schemas      bar      ALL             true
postgres       NULL         bar   false          routines     bar      ALL             true
postgres       NULL         bar   false          types        public   USAGE           false
postgres       NULL         bar   false          routines     public   EXECUTE         false
postgres       NULL         foo   false          tables       foo      ALL             true
postgres       NULL         foo   false          sequences    foo      ALL             true
postgres       NULL         foo   false          types        foo      ALL             true
postgres       NULL         foo   false          schemas      foo      ALL             true
postgres       NULL         foo   false          routines     foo      ALL             true
postgres       NULL         foo   false          types        public   USAGE           false
postgres       NULL         foo   false          routines     public   EXECUTE         false
system         NULL         bar   false          tables       bar      ALL             true
system         NULL         bar   false          sequences    bar      ALL             true
system         NULL         bar   false          types        bar      ALL             true
system         NULL         bar   false          schemas      bar      ALL             true
system         NULL         bar   false          routines     bar      ALL             true
system         NULL         bar   false          types        public   USAGE           false
system         NULL         bar   false          routines     public   EXECUTE         false
system         NULL         foo   false          tables       foo      ALL             true
system         NULL         foo   false          sequences    foo      ALL             true
system         NULL         foo   false          types        foo      ALL             true
system         NULL         foo   false          schemas      foo      ALL             true
system         NULL         foo   false          routines     foo      ALL             true
system         NULL         foo   false          types        public   USAGE           false
system         NULL         foo   false          routines     public   EXECUTE         false
test           NULL         bar   false          tables       foo      ALL             false
test           NULL         bar   false          sequences    foo      ALL             false
test           NULL         bar   false          types        foo      ALL             false
test           NULL         bar   false          schemas      foo      ALL             false
test           NULL         bar   false          tables       bar      ALL             true
test           NULL         bar   false          sequences    bar      ALL             true
test           NULL         bar   false          types        bar      ALL             true
test           NULL         bar   false          schemas      bar      ALL             true
test           NULL         bar   false          routines     bar      ALL             true
test           NULL         bar   false          types        public   USAGE           false
test           NULL         bar   false          routines     public   EXECUTE         false
test           NULL         foo   false          types        bar      ALL             false
test           NULL         foo   false          schemas      bar      ALL             false
test           NULL         foo   false          tables       bar      ALL             false
test           NULL         foo   false          sequences    bar      ALL             false
test           NULL         foo   false          tables       foo      ALL             true
test           NULL         foo   false          sequences    foo      ALL             true
test           NULL         foo   false          types        foo      ALL             true
test           NULL         foo   false          schemas      foo      ALL             true
test           NULL         foo   false          routines     foo      ALL             true
test           NULL         foo   false          types        public   USAGE           false
test           NULL         foo   false          routines     public   EXECUTE         false

statement ok
ALTER DEFAULT PRIVILEGES FOR ROLE foo, bar REVOKE ALL ON TABLES FROM foo, bar;
ALTER DEFAULT PRIVILEGES FOR ROLE foo, bar REVOKE ALL ON TYPES FROM foo, bar;
ALTER DEFAULT PRIVILEGES FOR ROLE foo, bar REVOKE ALL ON SCHEMAS FROM foo, bar;
ALTER DEFAULT PRIVILEGES FOR ROLE foo, bar REVOKE ALL ON SEQUENCES FROM foo, bar;

query TTTBTTTB colnames,rowsort
SELECT * FROM crdb_internal.default_privileges
----
database_name  schema_name  role      for_all_roles  object_type  grantee   privilege_type  is_grantable
defaultdb      NULL         admin     false          tables       admin     ALL             true
defaultdb      NULL         admin     false          sequences    admin     ALL             true
defaultdb      NULL         admin     false          types        admin     ALL             true
defaultdb      NULL         admin     false          schemas      admin     ALL             true
defaultdb      NULL         admin     false          routines     admin     ALL             true
defaultdb      NULL         admin     false          types        public    USAGE           false
defaultdb      NULL         admin     false          routines     public    EXECUTE         false
defaultdb      NULL         bar       false          tables       bar       ALL             true
defaultdb      NULL         bar       false          sequences    bar       ALL             true
defaultdb      NULL         bar       false          types        bar       ALL             true
defaultdb      NULL         bar       false          schemas      bar       ALL             true
defaultdb      NULL         bar       false          routines     bar       ALL             true
defaultdb      NULL         bar       false          types        public    USAGE           false
defaultdb      NULL         bar       false          routines     public    EXECUTE         false
defaultdb      NULL         foo       false          tables       foo       ALL             true
defaultdb      NULL         foo       false          sequences    foo       ALL             true
defaultdb      NULL         foo       false          types        foo       ALL             true
defaultdb      NULL         foo       false          schemas      foo       ALL             true
defaultdb      NULL         foo       false          routines     foo       ALL             true
defaultdb      NULL         foo       false          types        public    USAGE           false
defaultdb      NULL         foo       false          routines     public    EXECUTE         false
defaultdb      NULL         root      false          tables       root      ALL             true
defaultdb      NULL         root      false          sequences    root      ALL             true
defaultdb      NULL         root      false          types        root      ALL             true
defaultdb      NULL         root      false          schemas      root      ALL             true
defaultdb      NULL         root      false          routines     root      ALL             true
defaultdb      NULL         root      false          types        public    USAGE           false
defaultdb      NULL         root      false          routines     public    EXECUTE         false
defaultdb      NULL         testuser  false          tables       testuser  ALL             true
defaultdb      NULL         testuser  false          sequences    testuser  ALL             true
defaultdb      NULL         testuser  false          types        testuser  ALL             true
defaultdb      NULL         testuser  false          schemas      testuser  ALL             true
defaultdb      NULL         testuser  false          routines     testuser  ALL             true
defaultdb      NULL         testuser  false          types        public    USAGE           false
defaultdb      NULL         testuser  false          routines     public    EXECUTE         false
defaultdb      NULL         NULL      true           types        public    USAGE           false
defaultdb      NULL         NULL      true           routines     public    EXECUTE         false
postgres       NULL         admin     false          tables       admin     ALL             true
postgres       NULL         admin     false          sequences    admin     ALL             true
postgres       NULL         admin     false          types        admin     ALL             true
postgres       NULL         admin     false          schemas      admin     ALL             true
postgres       NULL         admin     false          routines     admin     ALL             true
postgres       NULL         admin     false          types        public    USAGE           false
postgres       NULL         admin     false          routines     public    EXECUTE         false
postgres       NULL         bar       false          tables       bar       ALL             true
postgres       NULL         bar       false          sequences    bar       ALL             true
postgres       NULL         bar       false          types        bar       ALL             true
postgres       NULL         bar       false          schemas      bar       ALL             true
postgres       NULL         bar       false          routines     bar       ALL             true
postgres       NULL         bar       false          types        public    USAGE           false
postgres       NULL         bar       false          routines     public    EXECUTE         false
postgres       NULL         foo       false          tables       foo       ALL             true
postgres       NULL         foo       false          sequences    foo       ALL             true
postgres       NULL         foo       false          types        foo       ALL             true
postgres       NULL         foo       false          schemas      foo       ALL             true
postgres       NULL         foo       false          routines     foo       ALL             true
postgres       NULL         foo       false          types        public    USAGE           false
postgres       NULL         foo       false          routines     public    EXECUTE         false
postgres       NULL         root      false          tables       root      ALL             true
postgres       NULL         root      false          sequences    root      ALL             true
postgres       NULL         root      false          types        root      ALL             true
postgres       NULL         root      false          schemas      root      ALL             true
postgres       NULL         root      false          routines     root      ALL             true
postgres       NULL         root      false          types        public    USAGE           false
postgres       NULL         root      false          routines     public    EXECUTE         false
postgres       NULL         testuser  false          tables       testuser  ALL             true
postgres       NULL         testuser  false          sequences    testuser  ALL             true
postgres       NULL         testuser  false          types        testuser  ALL             true
postgres       NULL         testuser  false          schemas      testuser  ALL             true
postgres       NULL         testuser  false          routines     testuser  ALL             true
postgres       NULL         testuser  false          types        public    USAGE           false
postgres       NULL         testuser  false          routines     public    EXECUTE         false
postgres       NULL         NULL      true           types        public    USAGE           false
postgres       NULL         NULL      true           routines     public    EXECUTE         false
system         NULL         admin     false          tables       admin     ALL             true
system         NULL         admin     false          sequences    admin     ALL             true
system         NULL         admin     false          types        admin     ALL             true
system         NULL         admin     false          schemas      admin     ALL             true
system         NULL         admin     false          routines     admin     ALL             true
system         NULL         admin     false          types        public    USAGE           false
system         NULL         admin     false          routines     public    EXECUTE         false
system         NULL         bar       false          tables       bar       ALL             true
system         NULL         bar       false          sequences    bar       ALL             true
system         NULL         bar       false          types        bar       ALL             true
system         NULL         bar       false          schemas      bar       ALL             true
system         NULL         bar       false          routines     bar       ALL             true
system         NULL         bar       false          types        public    USAGE           false
system         NULL         bar       false          routines     public    EXECUTE         false
system         NULL         foo       false          tables       foo       ALL             true
system         NULL         foo       false          sequences    foo       ALL             true
system         NULL         foo       false          types        foo       ALL             true
system         NULL         foo       false          schemas      foo       ALL             true
system         NULL         foo       false          routines     foo       ALL             true
system         NULL         foo       false          types        public    USAGE           false
system         NULL         foo       false          routines     public    EXECUTE         false
system         NULL         root      false          tables       root      ALL             true
system         NULL         root      false          sequences    root      ALL             true
system         NULL         root      false          types        root      ALL             true
system         NULL         root      false          schemas      root      ALL             true
system         NULL         root      false          routines     root      ALL             true
system         NULL         root      false          types        public    USAGE           false
system         NULL         root      false          routines     public    EXECUTE         false
system         NULL         testuser  false          tables       testuser  ALL             true
system         NULL         testuser  false          sequences    testuser  ALL             true
system         NULL         testuser  false          types        testuser  ALL             true
system         NULL         testuser  false          schemas      testuser  ALL             true
system         NULL         testuser  false          routines     testuser  ALL             true
system         NULL         testuser  false          types        public    USAGE           false
system         NULL         testuser  false          routines     public    EXECUTE         false
system         NULL         NULL      true           types        public    USAGE           false
system         NULL         NULL      true           routines     public    EXECUTE         false
test           NULL         admin     false          tables       admin     ALL             true
test           NULL         admin     false          sequences    admin     ALL             true
test           NULL         admin     false          types        admin     ALL             true
test           NULL         admin     false          schemas      admin     ALL             true
test           NULL         admin     false          routines     admin     ALL             true
test           NULL         admin     false          types        public    USAGE           false
test           NULL         admin     false          routines     public    EXECUTE         false
test           NULL         bar       false          routines     bar       ALL             true
test           NULL         bar       false          types        public    USAGE           false
test           NULL         bar       false          routines     public    EXECUTE         false
test           NULL         foo       false          routines     foo       ALL             true
test           NULL         foo       false          types        public    USAGE           false
test           NULL         foo       false          routines     public    EXECUTE         false
test           NULL         root      false          types        bar       ALL             false
test           NULL         root      false          types        foo       ALL             false
test           NULL         root      false          schemas      bar       ALL             false
test           NULL         root      false          schemas      foo       ALL             false
test           NULL         root      false          schemas      public    USAGE           false
test           NULL         root      false          tables       bar       ALL             false
test           NULL         root      false          tables       foo       ALL             false
test           NULL         root      false          tables       public    SELECT          false
test           NULL         root      false          sequences    bar       ALL             false
test           NULL         root      false          sequences    foo       ALL             false
test           NULL         root      false          sequences    public    SELECT          false
test           NULL         root      false          tables       root      ALL             true
test           NULL         root      false          sequences    root      ALL             true
test           NULL         root      false          types        root      ALL             true
test           NULL         root      false          schemas      root      ALL             true
test           NULL         root      false          routines     root      ALL             true
test           NULL         root      false          types        public    USAGE           false
test           NULL         root      false          routines     public    EXECUTE         false
test           NULL         testuser  false          tables       testuser  ALL             true
test           NULL         testuser  false          sequences    testuser  ALL             true
test           NULL         testuser  false          types        testuser  ALL             true
test           NULL         testuser  false          schemas      testuser  ALL             true
test           NULL         testuser  false          routines     testuser  ALL             true
test           NULL         testuser  false          types        public    USAGE           false
test           NULL         testuser  false          routines     public    EXECUTE         false
test           NULL         NULL      true           types        public    USAGE           false
test           NULL         NULL      true           routines     public    EXECUTE         false

statement ok
ALTER DEFAULT PRIVILEGES REVOKE SELECT ON TABLES FROM foo, bar, public;
ALTER DEFAULT PRIVILEGES REVOKE ALL ON TYPES FROM foo, bar, public;
ALTER DEFAULT PRIVILEGES REVOKE ALL ON SCHEMAS FROM foo, bar, public;
ALTER DEFAULT PRIVILEGES REVOKE ALL ON SEQUENCES FROM foo, bar, public;

query TTTBTTTB colnames,rowsort
SELECT * FROM crdb_internal.default_privileges
----
database_name  schema_name  role      for_all_roles  object_type  grantee   privilege_type  is_grantable
defaultdb      NULL         foo       false          tables       foo       ALL             true
defaultdb      NULL         foo       false          sequences    foo       ALL             true
defaultdb      NULL         foo       false          types        foo       ALL             true
defaultdb      NULL         foo       false          schemas      foo       ALL             true
defaultdb      NULL         foo       false          routines     foo       ALL             true
defaultdb      NULL         foo       false          types        public    USAGE           false
defaultdb      NULL         foo       false          routines     public    EXECUTE         false
defaultdb      NULL         testuser  false          tables       testuser  ALL             true
defaultdb      NULL         testuser  false          sequences    testuser  ALL             true
defaultdb      NULL         testuser  false          types        testuser  ALL             true
defaultdb      NULL         testuser  false          schemas      testuser  ALL             true
defaultdb      NULL         testuser  false          routines     testuser  ALL             true
defaultdb      NULL         testuser  false          types        public    USAGE           false
defaultdb      NULL         testuser  false          routines     public    EXECUTE         false
defaultdb      NULL         admin     false          tables       admin     ALL             true
defaultdb      NULL         admin     false          sequences    admin     ALL             true
defaultdb      NULL         admin     false          types        admin     ALL             true
defaultdb      NULL         admin     false          schemas      admin     ALL             true
defaultdb      NULL         admin     false          routines     admin     ALL             true
defaultdb      NULL         admin     false          types        public    USAGE           false
defaultdb      NULL         admin     false          routines     public    EXECUTE         false
defaultdb      NULL         bar       false          tables       bar       ALL             true
defaultdb      NULL         bar       false          sequences    bar       ALL             true
defaultdb      NULL         bar       false          types        bar       ALL             true
defaultdb      NULL         bar       false          schemas      bar       ALL             true
defaultdb      NULL         bar       false          routines     bar       ALL             true
defaultdb      NULL         bar       false          types        public    USAGE           false
defaultdb      NULL         bar       false          routines     public    EXECUTE         false
defaultdb      NULL         root      false          tables       root      ALL             true
defaultdb      NULL         root      false          sequences    root      ALL             true
defaultdb      NULL         root      false          types        root      ALL             true
defaultdb      NULL         root      false          schemas      root      ALL             true
defaultdb      NULL         root      false          routines     root      ALL             true
defaultdb      NULL         root      false          types        public    USAGE           false
defaultdb      NULL         root      false          routines     public    EXECUTE         false
defaultdb      NULL         NULL      true           types        public    USAGE           false
defaultdb      NULL         NULL      true           routines     public    EXECUTE         false
postgres       NULL         foo       false          tables       foo       ALL             true
postgres       NULL         foo       false          sequences    foo       ALL             true
postgres       NULL         foo       false          types        foo       ALL             true
postgres       NULL         foo       false          schemas      foo       ALL             true
postgres       NULL         foo       false          routines     foo       ALL             true
postgres       NULL         foo       false          types        public    USAGE           false
postgres       NULL         foo       false          routines     public    EXECUTE         false
postgres       NULL         testuser  false          tables       testuser  ALL             true
postgres       NULL         testuser  false          sequences    testuser  ALL             true
postgres       NULL         testuser  false          types        testuser  ALL             true
postgres       NULL         testuser  false          schemas      testuser  ALL             true
postgres       NULL         testuser  false          routines     testuser  ALL             true
postgres       NULL         testuser  false          types        public    USAGE           false
postgres       NULL         testuser  false          routines     public    EXECUTE         false
postgres       NULL         admin     false          tables       admin     ALL             true
postgres       NULL         admin     false          sequences    admin     ALL             true
postgres       NULL         admin     false          types        admin     ALL             true
postgres       NULL         admin     false          schemas      admin     ALL             true
postgres       NULL         admin     false          routines     admin     ALL             true
postgres       NULL         admin     false          types        public    USAGE           false
postgres       NULL         admin     false          routines     public    EXECUTE         false
postgres       NULL         bar       false          tables       bar       ALL             true
postgres       NULL         bar       false          sequences    bar       ALL             true
postgres       NULL         bar       false          types        bar       ALL             true
postgres       NULL         bar       false          schemas      bar       ALL             true
postgres       NULL         bar       false          routines     bar       ALL             true
postgres       NULL         bar       false          types        public    USAGE           false
postgres       NULL         bar       false          routines     public    EXECUTE         false
postgres       NULL         root      false          tables       root      ALL             true
postgres       NULL         root      false          sequences    root      ALL             true
postgres       NULL         root      false          types        root      ALL             true
postgres       NULL         root      false          schemas      root      ALL             true
postgres       NULL         root      false          routines     root      ALL             true
postgres       NULL         root      false          types        public    USAGE           false
postgres       NULL         root      false          routines     public    EXECUTE         false
postgres       NULL         NULL      true           types        public    USAGE           false
postgres       NULL         NULL      true           routines     public    EXECUTE         false
system         NULL         foo       false          tables       foo       ALL             true
system         NULL         foo       false          sequences    foo       ALL             true
system         NULL         foo       false          types        foo       ALL             true
system         NULL         foo       false          schemas      foo       ALL             true
system         NULL         foo       false          routines     foo       ALL             true
system         NULL         foo       false          types        public    USAGE           false
system         NULL         foo       false          routines     public    EXECUTE         false
system         NULL         testuser  false          tables       testuser  ALL             true
system         NULL         testuser  false          sequences    testuser  ALL             true
system         NULL         testuser  false          types        testuser  ALL             true
system         NULL         testuser  false          schemas      testuser  ALL             true
system         NULL         testuser  false          routines     testuser  ALL             true
system         NULL         testuser  false          types        public    USAGE           false
system         NULL         testuser  false          routines     public    EXECUTE         false
system         NULL         admin     false          tables       admin     ALL             true
system         NULL         admin     false          sequences    admin     ALL             true
system         NULL         admin     false          types        admin     ALL             true
system         NULL         admin     false          schemas      admin     ALL             true
system         NULL         admin     false          routines     admin     ALL             true
system         NULL         admin     false          types        public    USAGE           false
system         NULL         admin     false          routines     public    EXECUTE         false
system         NULL         bar       false          tables       bar       ALL             true
system         NULL         bar       false          sequences    bar       ALL             true
system         NULL         bar       false          types        bar       ALL             true
system         NULL         bar       false          schemas      bar       ALL             true
system         NULL         bar       false          routines     bar       ALL             true
system         NULL         bar       false          types        public    USAGE           false
system         NULL         bar       false          routines     public    EXECUTE         false
system         NULL         root      false          tables       root      ALL             true
system         NULL         root      false          sequences    root      ALL             true
system         NULL         root      false          types        root      ALL             true
system         NULL         root      false          schemas      root      ALL             true
system         NULL         root      false          routines     root      ALL             true
system         NULL         root      false          types        public    USAGE           false
system         NULL         root      false          routines     public    EXECUTE         false
system         NULL         NULL      true           types        public    USAGE           false
system         NULL         NULL      true           routines     public    EXECUTE         false
test           NULL         foo       false          routines     foo       ALL             true
test           NULL         foo       false          types        public    USAGE           false
test           NULL         foo       false          routines     public    EXECUTE         false
test           NULL         testuser  false          tables       testuser  ALL             true
test           NULL         testuser  false          sequences    testuser  ALL             true
test           NULL         testuser  false          types        testuser  ALL             true
test           NULL         testuser  false          schemas      testuser  ALL             true
test           NULL         testuser  false          routines     testuser  ALL             true
test           NULL         testuser  false          types        public    USAGE           false
test           NULL         testuser  false          routines     public    EXECUTE         false
test           NULL         admin     false          tables       admin     ALL             true
test           NULL         admin     false          sequences    admin     ALL             true
test           NULL         admin     false          types        admin     ALL             true
test           NULL         admin     false          schemas      admin     ALL             true
test           NULL         admin     false          routines     admin     ALL             true
test           NULL         admin     false          types        public    USAGE           false
test           NULL         admin     false          routines     public    EXECUTE         false
test           NULL         bar       false          routines     bar       ALL             true
test           NULL         bar       false          types        public    USAGE           false
test           NULL         bar       false          routines     public    EXECUTE         false
test           NULL         root      false          tables       bar       BACKUP          false
test           NULL         root      false          tables       bar       CHANGEFEED      false
test           NULL         root      false          tables       bar       CREATE          false
test           NULL         root      false          tables       bar       DROP            false
test           NULL         root      false          tables       bar       INSERT          false
test           NULL         root      false          tables       bar       DELETE          false
test           NULL         root      false          tables       bar       UPDATE          false
test           NULL         root      false          tables       bar       ZONECONFIG      false
test           NULL         root      false          tables       bar       TRIGGER         false
test           NULL         root      false          tables       foo       BACKUP          false
test           NULL         root      false          tables       foo       CHANGEFEED      false
test           NULL         root      false          tables       foo       CREATE          false
test           NULL         root      false          tables       foo       DROP            false
test           NULL         root      false          tables       foo       INSERT          false
test           NULL         root      false          tables       foo       DELETE          false
test           NULL         root      false          tables       foo       UPDATE          false
test           NULL         root      false          tables       foo       ZONECONFIG      false
test           NULL         root      false          tables       foo       TRIGGER         false
test           NULL         root      false          tables       root      ALL             true
test           NULL         root      false          sequences    root      ALL             true
test           NULL         root      false          types        root      ALL             true
test           NULL         root      false          schemas      root      ALL             true
test           NULL         root      false          routines     root      ALL             true
test           NULL         root      false          routines     public    EXECUTE         false
test           NULL         NULL      true           types        public    USAGE           false
test           NULL         NULL      true           routines     public    EXECUTE         false

statement ok
ALTER DEFAULT PRIVILEGES REVOKE ALL ON TABLES FROM foo, bar, public;
ALTER DEFAULT PRIVILEGES GRANT DROP, ZONECONFIG ON TABLES TO foo WITH GRANT OPTION;

query TTTBTTTB colnames,rowsort
SELECT * FROM crdb_internal.default_privileges
----
database_name  schema_name  role      for_all_roles  object_type  grantee   privilege_type  is_grantable
defaultdb      NULL         admin     false          tables       admin     ALL             true
defaultdb      NULL         admin     false          sequences    admin     ALL             true
defaultdb      NULL         admin     false          types        admin     ALL             true
defaultdb      NULL         admin     false          schemas      admin     ALL             true
defaultdb      NULL         admin     false          routines     admin     ALL             true
defaultdb      NULL         admin     false          types        public    USAGE           false
defaultdb      NULL         admin     false          routines     public    EXECUTE         false
defaultdb      NULL         bar       false          tables       bar       ALL             true
defaultdb      NULL         bar       false          sequences    bar       ALL             true
defaultdb      NULL         bar       false          types        bar       ALL             true
defaultdb      NULL         bar       false          schemas      bar       ALL             true
defaultdb      NULL         bar       false          routines     bar       ALL             true
defaultdb      NULL         bar       false          types        public    USAGE           false
defaultdb      NULL         bar       false          routines     public    EXECUTE         false
defaultdb      NULL         foo       false          tables       foo       ALL             true
defaultdb      NULL         foo       false          sequences    foo       ALL             true
defaultdb      NULL         foo       false          types        foo       ALL             true
defaultdb      NULL         foo       false          schemas      foo       ALL             true
defaultdb      NULL         foo       false          routines     foo       ALL             true
defaultdb      NULL         foo       false          types        public    USAGE           false
defaultdb      NULL         foo       false          routines     public    EXECUTE         false
defaultdb      NULL         root      false          tables       root      ALL             true
defaultdb      NULL         root      false          sequences    root      ALL             true
defaultdb      NULL         root      false          types        root      ALL             true
defaultdb      NULL         root      false          schemas      root      ALL             true
defaultdb      NULL         root      false          routines     root      ALL             true
defaultdb      NULL         root      false          types        public    USAGE           false
defaultdb      NULL         root      false          routines     public    EXECUTE         false
defaultdb      NULL         testuser  false          tables       testuser  ALL             true
defaultdb      NULL         testuser  false          sequences    testuser  ALL             true
defaultdb      NULL         testuser  false          types        testuser  ALL             true
defaultdb      NULL         testuser  false          schemas      testuser  ALL             true
defaultdb      NULL         testuser  false          routines     testuser  ALL             true
defaultdb      NULL         testuser  false          types        public    USAGE           false
defaultdb      NULL         testuser  false          routines     public    EXECUTE         false
defaultdb      NULL         NULL      true           types        public    USAGE           false
defaultdb      NULL         NULL      true           routines     public    EXECUTE         false
postgres       NULL         admin     false          tables       admin     ALL             true
postgres       NULL         admin     false          sequences    admin     ALL             true
postgres       NULL         admin     false          types        admin     ALL             true
postgres       NULL         admin     false          schemas      admin     ALL             true
postgres       NULL         admin     false          routines     admin     ALL             true
postgres       NULL         admin     false          types        public    USAGE           false
postgres       NULL         admin     false          routines     public    EXECUTE         false
postgres       NULL         bar       false          tables       bar       ALL             true
postgres       NULL         bar       false          sequences    bar       ALL             true
postgres       NULL         bar       false          types        bar       ALL             true
postgres       NULL         bar       false          schemas      bar       ALL             true
postgres       NULL         bar       false          routines     bar       ALL             true
postgres       NULL         bar       false          types        public    USAGE           false
postgres       NULL         bar       false          routines     public    EXECUTE         false
postgres       NULL         foo       false          tables       foo       ALL             true
postgres       NULL         foo       false          sequences    foo       ALL             true
postgres       NULL         foo       false          types        foo       ALL             true
postgres       NULL         foo       false          schemas      foo       ALL             true
postgres       NULL         foo       false          routines     foo       ALL             true
postgres       NULL         foo       false          types        public    USAGE           false
postgres       NULL         foo       false          routines     public    EXECUTE         false
postgres       NULL         root      false          tables       root      ALL             true
postgres       NULL         root      false          sequences    root      ALL             true
postgres       NULL         root      false          types        root      ALL             true
postgres       NULL         root      false          schemas      root      ALL             true
postgres       NULL         root      false          routines     root      ALL             true
postgres       NULL         root      false          types        public    USAGE           false
postgres       NULL         root      false          routines     public    EXECUTE         false
postgres       NULL         testuser  false          tables       testuser  ALL             true
postgres       NULL         testuser  false          sequences    testuser  ALL             true
postgres       NULL         testuser  false          types        testuser  ALL             true
postgres       NULL         testuser  false          schemas      testuser  ALL             true
postgres       NULL         testuser  false          routines     testuser  ALL             true
postgres       NULL         testuser  false          types        public    USAGE           false
postgres       NULL         testuser  false          routines     public    EXECUTE         false
postgres       NULL         NULL      true           types        public    USAGE           false
postgres       NULL         NULL      true           routines     public    EXECUTE         false
system         NULL         admin     false          tables       admin     ALL             true
system         NULL         admin     false          sequences    admin     ALL             true
system         NULL         admin     false          types        admin     ALL             true
system         NULL         admin     false          schemas      admin     ALL             true
system         NULL         admin     false          routines     admin     ALL             true
system         NULL         admin     false          types        public    USAGE           false
system         NULL         admin     false          routines     public    EXECUTE         false
system         NULL         bar       false          tables       bar       ALL             true
system         NULL         bar       false          sequences    bar       ALL             true
system         NULL         bar       false          types        bar       ALL             true
system         NULL         bar       false          schemas      bar       ALL             true
system         NULL         bar       false          routines     bar       ALL             true
system         NULL         bar       false          types        public    USAGE           false
system         NULL         bar       false          routines     public    EXECUTE         false
system         NULL         foo       false          tables       foo       ALL             true
system         NULL         foo       false          sequences    foo       ALL             true
system         NULL         foo       false          types        foo       ALL             true
system         NULL         foo       false          schemas      foo       ALL             true
system         NULL         foo       false          routines     foo       ALL             true
system         NULL         foo       false          types        public    USAGE           false
system         NULL         foo       false          routines     public    EXECUTE         false
system         NULL         root      false          tables       root      ALL             true
system         NULL         root      false          sequences    root      ALL             true
system         NULL         root      false          types        root      ALL             true
system         NULL         root      false          schemas      root      ALL             true
system         NULL         root      false          routines     root      ALL             true
system         NULL         root      false          types        public    USAGE           false
system         NULL         root      false          routines     public    EXECUTE         false
system         NULL         testuser  false          tables       testuser  ALL             true
system         NULL         testuser  false          sequences    testuser  ALL             true
system         NULL         testuser  false          types        testuser  ALL             true
system         NULL         testuser  false          schemas      testuser  ALL             true
system         NULL         testuser  false          routines     testuser  ALL             true
system         NULL         testuser  false          types        public    USAGE           false
system         NULL         testuser  false          routines     public    EXECUTE         false
system         NULL         NULL      true           types        public    USAGE           false
system         NULL         NULL      true           routines     public    EXECUTE         false
test           NULL         admin     false          tables       admin     ALL             true
test           NULL         admin     false          sequences    admin     ALL             true
test           NULL         admin     false          types        admin     ALL             true
test           NULL         admin     false          schemas      admin     ALL             true
test           NULL         admin     false          routines     admin     ALL             true
test           NULL         admin     false          types        public    USAGE           false
test           NULL         admin     false          routines     public    EXECUTE         false
test           NULL         bar       false          routines     bar       ALL             true
test           NULL         bar       false          types        public    USAGE           false
test           NULL         bar       false          routines     public    EXECUTE         false
test           NULL         foo       false          routines     foo       ALL             true
test           NULL         foo       false          types        public    USAGE           false
test           NULL         foo       false          routines     public    EXECUTE         false
test           NULL         root      false          tables       foo       DROP            true
test           NULL         root      false          tables       foo       ZONECONFIG      true
test           NULL         root      false          tables       root      ALL             true
test           NULL         root      false          sequences    root      ALL             true
test           NULL         root      false          types        root      ALL             true
test           NULL         root      false          schemas      root      ALL             true
test           NULL         root      false          routines     root      ALL             true
test           NULL         root      false          routines     public    EXECUTE         false
test           NULL         testuser  false          tables       testuser  ALL             true
test           NULL         testuser  false          sequences    testuser  ALL             true
test           NULL         testuser  false          types        testuser  ALL             true
test           NULL         testuser  false          schemas      testuser  ALL             true
test           NULL         testuser  false          routines     testuser  ALL             true
test           NULL         testuser  false          types        public    USAGE           false
test           NULL         testuser  false          routines     public    EXECUTE         false
test           NULL         NULL      true           types        public    USAGE           false
test           NULL         NULL      true           routines     public    EXECUTE         false

# Create a second database.
statement ok
CREATE DATABASE test2;
use test2;

statement ok
ALTER DEFAULT PRIVILEGES GRANT DROP, ZONECONFIG ON TABLES TO foo WITH GRANT OPTION;

query TTTBTTTB colnames,rowsort
SELECT * FROM crdb_internal.default_privileges
----
database_name  schema_name  role      for_all_roles  object_type  grantee   privilege_type  is_grantable
defaultdb      NULL         admin     false          tables       admin     ALL             true
defaultdb      NULL         admin     false          sequences    admin     ALL             true
defaultdb      NULL         admin     false          types        admin     ALL             true
defaultdb      NULL         admin     false          schemas      admin     ALL             true
defaultdb      NULL         admin     false          routines     admin     ALL             true
defaultdb      NULL         admin     false          types        public    USAGE           false
defaultdb      NULL         admin     false          routines     public    EXECUTE         false
defaultdb      NULL         bar       false          tables       bar       ALL             true
defaultdb      NULL         bar       false          sequences    bar       ALL             true
defaultdb      NULL         bar       false          types        bar       ALL             true
defaultdb      NULL         bar       false          schemas      bar       ALL             true
defaultdb      NULL         bar       false          routines     bar       ALL             true
defaultdb      NULL         bar       false          types        public    USAGE           false
defaultdb      NULL         bar       false          routines     public    EXECUTE         false
defaultdb      NULL         foo       false          tables       foo       ALL             true
defaultdb      NULL         foo       false          sequences    foo       ALL             true
defaultdb      NULL         foo       false          types        foo       ALL             true
defaultdb      NULL         foo       false          schemas      foo       ALL             true
defaultdb      NULL         foo       false          routines     foo       ALL             true
defaultdb      NULL         foo       false          types        public    USAGE           false
defaultdb      NULL         foo       false          routines     public    EXECUTE         false
defaultdb      NULL         root      false          tables       root      ALL             true
defaultdb      NULL         root      false          sequences    root      ALL             true
defaultdb      NULL         root      false          types        root      ALL             true
defaultdb      NULL         root      false          schemas      root      ALL             true
defaultdb      NULL         root      false          routines     root      ALL             true
defaultdb      NULL         root      false          types        public    USAGE           false
defaultdb      NULL         root      false          routines     public    EXECUTE         false
defaultdb      NULL         testuser  false          tables       testuser  ALL             true
defaultdb      NULL         testuser  false          sequences    testuser  ALL             true
defaultdb      NULL         testuser  false          types        testuser  ALL             true
defaultdb      NULL         testuser  false          schemas      testuser  ALL             true
defaultdb      NULL         testuser  false          routines     testuser  ALL             true
defaultdb      NULL         testuser  false          types        public    USAGE           false
defaultdb      NULL         testuser  false          routines     public    EXECUTE         false
defaultdb      NULL         NULL      true           types        public    USAGE           false
defaultdb      NULL         NULL      true           routines     public    EXECUTE         false
postgres       NULL         admin     false          tables       admin     ALL             true
postgres       NULL         admin     false          sequences    admin     ALL             true
postgres       NULL         admin     false          types        admin     ALL             true
postgres       NULL         admin     false          schemas      admin     ALL             true
postgres       NULL         admin     false          routines     admin     ALL             true
postgres       NULL         admin     false          types        public    USAGE           false
postgres       NULL         admin     false          routines     public    EXECUTE         false
postgres       NULL         bar       false          tables       bar       ALL             true
postgres       NULL         bar       false          sequences    bar       ALL             true
postgres       NULL         bar       false          types        bar       ALL             true
postgres       NULL         bar       false          schemas      bar       ALL             true
postgres       NULL         bar       false          routines     bar       ALL             true
postgres       NULL         bar       false          types        public    USAGE           false
postgres       NULL         bar       false          routines     public    EXECUTE         false
postgres       NULL         foo       false          tables       foo       ALL             true
postgres       NULL         foo       false          sequences    foo       ALL             true
postgres       NULL         foo       false          types        foo       ALL             true
postgres       NULL         foo       false          schemas      foo       ALL             true
postgres       NULL         foo       false          routines     foo       ALL             true
postgres       NULL         foo       false          types        public    USAGE           false
postgres       NULL         foo       false          routines     public    EXECUTE         false
postgres       NULL         root      false          tables       root      ALL             true
postgres       NULL         root      false          sequences    root      ALL             true
postgres       NULL         root      false          types        root      ALL             true
postgres       NULL         root      false          schemas      root      ALL             true
postgres       NULL         root      false          routines     root      ALL             true
postgres       NULL         root      false          types        public    USAGE           false
postgres       NULL         root      false          routines     public    EXECUTE         false
postgres       NULL         testuser  false          tables       testuser  ALL             true
postgres       NULL         testuser  false          sequences    testuser  ALL             true
postgres       NULL         testuser  false          types        testuser  ALL             true
postgres       NULL         testuser  false          schemas      testuser  ALL             true
postgres       NULL         testuser  false          routines     testuser  ALL             true
postgres       NULL         testuser  false          types        public    USAGE           false
postgres       NULL         testuser  false          routines     public    EXECUTE         false
postgres       NULL         NULL      true           types        public    USAGE           false
postgres       NULL         NULL      true           routines     public    EXECUTE         false
system         NULL         admin     false          tables       admin     ALL             true
system         NULL         admin     false          sequences    admin     ALL             true
system         NULL         admin     false          types        admin     ALL             true
system         NULL         admin     false          schemas      admin     ALL             true
system         NULL         admin     false          routines     admin     ALL             true
system         NULL         admin     false          types        public    USAGE           false
system         NULL         admin     false          routines     public    EXECUTE         false
system         NULL         bar       false          tables       bar       ALL             true
system         NULL         bar       false          sequences    bar       ALL             true
system         NULL         bar       false          types        bar       ALL             true
system         NULL         bar       false          schemas      bar       ALL             true
system         NULL         bar       false          routines     bar       ALL             true
system         NULL         bar       false          types        public    USAGE           false
system         NULL         bar       false          routines     public    EXECUTE         false
system         NULL         foo       false          tables       foo       ALL             true
system         NULL         foo       false          sequences    foo       ALL             true
system         NULL         foo       false          types        foo       ALL             true
system         NULL         foo       false          schemas      foo       ALL             true
system         NULL         foo       false          routines     foo       ALL             true
system         NULL         foo       false          types        public    USAGE           false
system         NULL         foo       false          routines     public    EXECUTE         false
system         NULL         root      false          tables       root      ALL             true
system         NULL         root      false          sequences    root      ALL             true
system         NULL         root      false          types        root      ALL             true
system         NULL         root      false          schemas      root      ALL             true
system         NULL         root      false          routines     root      ALL             true
system         NULL         root      false          types        public    USAGE           false
system         NULL         root      false          routines     public    EXECUTE         false
system         NULL         testuser  false          tables       testuser  ALL             true
system         NULL         testuser  false          sequences    testuser  ALL             true
system         NULL         testuser  false          types        testuser  ALL             true
system         NULL         testuser  false          schemas      testuser  ALL             true
system         NULL         testuser  false          routines     testuser  ALL             true
system         NULL         testuser  false          types        public    USAGE           false
system         NULL         testuser  false          routines     public    EXECUTE         false
system         NULL         NULL      true           types        public    USAGE           false
system         NULL         NULL      true           routines     public    EXECUTE         false
test           NULL         admin     false          tables       admin     ALL             true
test           NULL         admin     false          sequences    admin     ALL             true
test           NULL         admin     false          types        admin     ALL             true
test           NULL         admin     false          schemas      admin     ALL             true
test           NULL         admin     false          routines     admin     ALL             true
test           NULL         admin     false          types        public    USAGE           false
test           NULL         admin     false          routines     public    EXECUTE         false
test           NULL         bar       false          routines     bar       ALL             true
test           NULL         bar       false          types        public    USAGE           false
test           NULL         bar       false          routines     public    EXECUTE         false
test           NULL         foo       false          routines     foo       ALL             true
test           NULL         foo       false          types        public    USAGE           false
test           NULL         foo       false          routines     public    EXECUTE         false
test           NULL         root      false          tables       foo       DROP            true
test           NULL         root      false          tables       foo       ZONECONFIG      true
test           NULL         root      false          tables       root      ALL             true
test           NULL         root      false          sequences    root      ALL             true
test           NULL         root      false          types        root      ALL             true
test           NULL         root      false          schemas      root      ALL             true
test           NULL         root      false          routines     root      ALL             true
test           NULL         root      false          routines     public    EXECUTE         false
test           NULL         testuser  false          tables       testuser  ALL             true
test           NULL         testuser  false          sequences    testuser  ALL             true
test           NULL         testuser  false          types        testuser  ALL             true
test           NULL         testuser  false          schemas      testuser  ALL             true
test           NULL         testuser  false          routines     testuser  ALL             true
test           NULL         testuser  false          types        public    USAGE           false
test           NULL         testuser  false          routines     public    EXECUTE         false
test           NULL         NULL      true           types        public    USAGE           false
test           NULL         NULL      true           routines     public    EXECUTE         false
test2          NULL         admin     false          tables       admin     ALL             true
test2          NULL         admin     false          sequences    admin     ALL             true
test2          NULL         admin     false          types        admin     ALL             true
test2          NULL         admin     false          schemas      admin     ALL             true
test2          NULL         admin     false          routines     admin     ALL             true
test2          NULL         admin     false          types        public    USAGE           false
test2          NULL         admin     false          routines     public    EXECUTE         false
test2          NULL         bar       false          tables       bar       ALL             true
test2          NULL         bar       false          sequences    bar       ALL             true
test2          NULL         bar       false          types        bar       ALL             true
test2          NULL         bar       false          schemas      bar       ALL             true
test2          NULL         bar       false          routines     bar       ALL             true
test2          NULL         bar       false          types        public    USAGE           false
test2          NULL         bar       false          routines     public    EXECUTE         false
test2          NULL         foo       false          tables       foo       ALL             true
test2          NULL         foo       false          sequences    foo       ALL             true
test2          NULL         foo       false          types        foo       ALL             true
test2          NULL         foo       false          schemas      foo       ALL             true
test2          NULL         foo       false          routines     foo       ALL             true
test2          NULL         foo       false          types        public    USAGE           false
test2          NULL         foo       false          routines     public    EXECUTE         false
test2          NULL         root      false          tables       foo       DROP            true
test2          NULL         root      false          tables       foo       ZONECONFIG      true
test2          NULL         root      false          tables       root      ALL             true
test2          NULL         root      false          sequences    root      ALL             true
test2          NULL         root      false          types        root      ALL             true
test2          NULL         root      false          schemas      root      ALL             true
test2          NULL         root      false          routines     root      ALL             true
test2          NULL         root      false          types        public    USAGE           false
test2          NULL         root      false          routines     public    EXECUTE         false
test2          NULL         testuser  false          tables       testuser  ALL             true
test2          NULL         testuser  false          sequences    testuser  ALL             true
test2          NULL         testuser  false          types        testuser  ALL             true
test2          NULL         testuser  false          schemas      testuser  ALL             true
test2          NULL         testuser  false          routines     testuser  ALL             true
test2          NULL         testuser  false          types        public    USAGE           false
test2          NULL         testuser  false          routines     public    EXECUTE         false
test2          NULL         NULL      true           types        public    USAGE           false
test2          NULL         NULL      true           routines     public    EXECUTE         false

statement ok
ALTER DEFAULT PRIVILEGES FOR ALL ROLES GRANT SELECT ON TABLES TO foo;

query TTTBTTTB colnames,rowsort
SELECT * FROM crdb_internal.default_privileges
----
database_name  schema_name  role      for_all_roles  object_type  grantee   privilege_type  is_grantable
defaultdb      NULL         admin     false          tables       admin     ALL             true
defaultdb      NULL         admin     false          sequences    admin     ALL             true
defaultdb      NULL         admin     false          types        admin     ALL             true
defaultdb      NULL         admin     false          schemas      admin     ALL             true
defaultdb      NULL         admin     false          routines     admin     ALL             true
defaultdb      NULL         admin     false          types        public    USAGE           false
defaultdb      NULL         admin     false          routines     public    EXECUTE         false
defaultdb      NULL         bar       false          tables       bar       ALL             true
defaultdb      NULL         bar       false          sequences    bar       ALL             true
defaultdb      NULL         bar       false          types        bar       ALL             true
defaultdb      NULL         bar       false          schemas      bar       ALL             true
defaultdb      NULL         bar       false          routines     bar       ALL             true
defaultdb      NULL         bar       false          types        public    USAGE           false
defaultdb      NULL         bar       false          routines     public    EXECUTE         false
defaultdb      NULL         foo       false          tables       foo       ALL             true
defaultdb      NULL         foo       false          sequences    foo       ALL             true
defaultdb      NULL         foo       false          types        foo       ALL             true
defaultdb      NULL         foo       false          schemas      foo       ALL             true
defaultdb      NULL         foo       false          routines     foo       ALL             true
defaultdb      NULL         foo       false          types        public    USAGE           false
defaultdb      NULL         foo       false          routines     public    EXECUTE         false
defaultdb      NULL         root      false          tables       root      ALL             true
defaultdb      NULL         root      false          sequences    root      ALL             true
defaultdb      NULL         root      false          types        root      ALL             true
defaultdb      NULL         root      false          schemas      root      ALL             true
defaultdb      NULL         root      false          routines     root      ALL             true
defaultdb      NULL         root      false          types        public    USAGE           false
defaultdb      NULL         root      false          routines     public    EXECUTE         false
defaultdb      NULL         testuser  false          tables       testuser  ALL             true
defaultdb      NULL         testuser  false          sequences    testuser  ALL             true
defaultdb      NULL         testuser  false          types        testuser  ALL             true
defaultdb      NULL         testuser  false          schemas      testuser  ALL             true
defaultdb      NULL         testuser  false          routines     testuser  ALL             true
defaultdb      NULL         testuser  false          types        public    USAGE           false
defaultdb      NULL         testuser  false          routines     public    EXECUTE         false
defaultdb      NULL         NULL      true           types        public    USAGE           false
defaultdb      NULL         NULL      true           routines     public    EXECUTE         false
postgres       NULL         admin     false          tables       admin     ALL             true
postgres       NULL         admin     false          sequences    admin     ALL             true
postgres       NULL         admin     false          types        admin     ALL             true
postgres       NULL         admin     false          schemas      admin     ALL             true
postgres       NULL         admin     false          routines     admin     ALL             true
postgres       NULL         admin     false          types        public    USAGE           false
postgres       NULL         admin     false          routines     public    EXECUTE         false
postgres       NULL         bar       false          tables       bar       ALL             true
postgres       NULL         bar       false          sequences    bar       ALL             true
postgres       NULL         bar       false          types        bar       ALL             true
postgres       NULL         bar       false          schemas      bar       ALL             true
postgres       NULL         bar       false          routines     bar       ALL             true
postgres       NULL         bar       false          types        public    USAGE           false
postgres       NULL         bar       false          routines     public    EXECUTE         false
postgres       NULL         foo       false          tables       foo       ALL             true
postgres       NULL         foo       false          sequences    foo       ALL             true
postgres       NULL         foo       false          types        foo       ALL             true
postgres       NULL         foo       false          schemas      foo       ALL             true
postgres       NULL         foo       false          routines     foo       ALL             true
postgres       NULL         foo       false          types        public    USAGE           false
postgres       NULL         foo       false          routines     public    EXECUTE         false
postgres       NULL         root      false          tables       root      ALL             true
postgres       NULL         root      false          sequences    root      ALL             true
postgres       NULL         root      false          types        root      ALL             true
postgres       NULL         root      false          schemas      root      ALL             true
postgres       NULL         root      false          routines     root      ALL             true
postgres       NULL         root      false          types        public    USAGE           false
postgres       NULL         root      false          routines     public    EXECUTE         false
postgres       NULL         testuser  false          tables       testuser  ALL             true
postgres       NULL         testuser  false          sequences    testuser  ALL             true
postgres       NULL         testuser  false          types        testuser  ALL             true
postgres       NULL         testuser  false          schemas      testuser  ALL             true
postgres       NULL         testuser  false          routines     testuser  ALL             true
postgres       NULL         testuser  false          types        public    USAGE           false
postgres       NULL         testuser  false          routines     public    EXECUTE         false
postgres       NULL         NULL      true           types        public    USAGE           false
postgres       NULL         NULL      true           routines     public    EXECUTE         false
system         NULL         admin     false          tables       admin     ALL             true
system         NULL         admin     false          sequences    admin     ALL             true
system         NULL         admin     false          types        admin     ALL             true
system         NULL         admin     false          schemas      admin     ALL             true
system         NULL         admin     false          routines     admin     ALL             true
system         NULL         admin     false          types        public    USAGE           false
system         NULL         admin     false          routines     public    EXECUTE         false
system         NULL         bar       false          tables       bar       ALL             true
system         NULL         bar       false          sequences    bar       ALL             true
system         NULL         bar       false          types        bar       ALL             true
system         NULL         bar       false          schemas      bar       ALL             true
system         NULL         bar       false          routines     bar       ALL             true
system         NULL         bar       false          types        public    USAGE           false
system         NULL         bar       false          routines     public    EXECUTE         false
system         NULL         foo       false          tables       foo       ALL             true
system         NULL         foo       false          sequences    foo       ALL             true
system         NULL         foo       false          types        foo       ALL             true
system         NULL         foo       false          schemas      foo       ALL             true
system         NULL         foo       false          routines     foo       ALL             true
system         NULL         foo       false          types        public    USAGE           false
system         NULL         foo       false          routines     public    EXECUTE         false
system         NULL         root      false          tables       root      ALL             true
system         NULL         root      false          sequences    root      ALL             true
system         NULL         root      false          types        root      ALL             true
system         NULL         root      false          schemas      root      ALL             true
system         NULL         root      false          routines     root      ALL             true
system         NULL         root      false          types        public    USAGE           false
system         NULL         root      false          routines     public    EXECUTE         false
system         NULL         testuser  false          tables       testuser  ALL             true
system         NULL         testuser  false          sequences    testuser  ALL             true
system         NULL         testuser  false          types        testuser  ALL             true
system         NULL         testuser  false          schemas      testuser  ALL             true
system         NULL         testuser  false          routines     testuser  ALL             true
system         NULL         testuser  false          types        public    USAGE           false
system         NULL         testuser  false          routines     public    EXECUTE         false
system         NULL         NULL      true           types        public    USAGE           false
system         NULL         NULL      true           routines     public    EXECUTE         false
test           NULL         admin     false          tables       admin     ALL             true
test           NULL         admin     false          sequences    admin     ALL             true
test           NULL         admin     false          types        admin     ALL             true
test           NULL         admin     false          schemas      admin     ALL             true
test           NULL         admin     false          routines     admin     ALL             true
test           NULL         admin     false          types        public    USAGE           false
test           NULL         admin     false          routines     public    EXECUTE         false
test           NULL         bar       false          routines     bar       ALL             true
test           NULL         bar       false          types        public    USAGE           false
test           NULL         bar       false          routines     public    EXECUTE         false
test           NULL         foo       false          routines     foo       ALL             true
test           NULL         foo       false          types        public    USAGE           false
test           NULL         foo       false          routines     public    EXECUTE         false
test           NULL         root      false          tables       foo       DROP            true
test           NULL         root      false          tables       foo       ZONECONFIG      true
test           NULL         root      false          tables       root      ALL             true
test           NULL         root      false          sequences    root      ALL             true
test           NULL         root      false          types        root      ALL             true
test           NULL         root      false          schemas      root      ALL             true
test           NULL         root      false          routines     root      ALL             true
test           NULL         root      false          routines     public    EXECUTE         false
test           NULL         testuser  false          tables       testuser  ALL             true
test           NULL         testuser  false          sequences    testuser  ALL             true
test           NULL         testuser  false          types        testuser  ALL             true
test           NULL         testuser  false          schemas      testuser  ALL             true
test           NULL         testuser  false          routines     testuser  ALL             true
test           NULL         testuser  false          types        public    USAGE           false
test           NULL         testuser  false          routines     public    EXECUTE         false
test           NULL         NULL      true           types        public    USAGE           false
test           NULL         NULL      true           routines     public    EXECUTE         false
test2          NULL         admin     false          tables       admin     ALL             true
test2          NULL         admin     false          sequences    admin     ALL             true
test2          NULL         admin     false          types        admin     ALL             true
test2          NULL         admin     false          schemas      admin     ALL             true
test2          NULL         admin     false          routines     admin     ALL             true
test2          NULL         admin     false          types        public    USAGE           false
test2          NULL         admin     false          routines     public    EXECUTE         false
test2          NULL         bar       false          tables       bar       ALL             true
test2          NULL         bar       false          sequences    bar       ALL             true
test2          NULL         bar       false          types        bar       ALL             true
test2          NULL         bar       false          schemas      bar       ALL             true
test2          NULL         bar       false          routines     bar       ALL             true
test2          NULL         bar       false          types        public    USAGE           false
test2          NULL         bar       false          routines     public    EXECUTE         false
test2          NULL         foo       false          tables       foo       ALL             true
test2          NULL         foo       false          sequences    foo       ALL             true
test2          NULL         foo       false          types        foo       ALL             true
test2          NULL         foo       false          schemas      foo       ALL             true
test2          NULL         foo       false          routines     foo       ALL             true
test2          NULL         foo       false          types        public    USAGE           false
test2          NULL         foo       false          routines     public    EXECUTE         false
test2          NULL         root      false          tables       foo       DROP            true
test2          NULL         root      false          tables       foo       ZONECONFIG      true
test2          NULL         root      false          tables       root      ALL             true
test2          NULL         root      false          sequences    root      ALL             true
test2          NULL         root      false          types        root      ALL             true
test2          NULL         root      false          schemas      root      ALL             true
test2          NULL         root      false          routines     root      ALL             true
test2          NULL         root      false          types        public    USAGE           false
test2          NULL         root      false          routines     public    EXECUTE         false
test2          NULL         testuser  false          tables       testuser  ALL             true
test2          NULL         testuser  false          sequences    testuser  ALL             true
test2          NULL         testuser  false          types        testuser  ALL             true
test2          NULL         testuser  false          schemas      testuser  ALL             true
test2          NULL         testuser  false          routines     testuser  ALL             true
test2          NULL         testuser  false          types        public    USAGE           false
test2          NULL         testuser  false          routines     public    EXECUTE         false
test2          NULL         NULL      true           tables       foo       SELECT          false
test2          NULL         NULL      true           types        public    USAGE           false
test2          NULL         NULL      true           routines     public    EXECUTE         false

subtest corrupt_default_privilege

statement ok
CREATE ROLE roach_a;
CREATE ROLE roach_b;
SET ROLE roach_b;

statement ok
ALTER DEFAULT PRIVILEGES FOR ROLE roach_b GRANT SELECT ON TABLES TO roach_a;

statement ok
SET ROLE root;

statement ok
ALTER DEFAULT PRIVILEGES FOR ALL ROLES GRANT SELECT ON TABLES TO roach_a;

statement ok
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT INSERT ON TABLES TO roach_a;

# Create some descriptor corruptions with an orphaned role that is being granted
# a default privilege.
statement ok
DELETE FROM system.users WHERE username = 'roach_a';

# Force the role membership cache to be updated.
statement ok
CREATE ROLE tmp;

query TTTBTTTB colnames
SELECT * FROM crdb_internal.default_privileges WHERE grantee = 'roach_a'
ORDER BY role;
----
database_name  schema_name  role     for_all_roles  object_type  grantee  privilege_type  is_grantable
test2          NULL         NULL     true           tables       roach_a  SELECT          false
test2          NULL         roach_b  false          tables       roach_a  SELECT          false
test2          public       root     false          tables       roach_a  INSERT          false

statement ok
CREATE ROLE roach_c;
CREATE ROLE roach_d;
SET ROLE roach_d;

statement ok
ALTER DEFAULT PRIVILEGES FOR ROLE roach_d GRANT SELECT ON TABLES TO roach_b;

statement ok
SET ROLE roach_c;

statement ok
ALTER DEFAULT PRIVILEGES FOR ROLE roach_c GRANT SELECT ON TABLES TO roach_d;

statement ok
SET ROLE root;

# Create a descriptor corruption with an orphaned role that is granting a
# default privilege.
statement ok
DELETE FROM system.users WHERE username = 'roach_d';

# Create a descriptor corruption with all orphaned roles.
statement ok
DELETE FROM system.users WHERE username = 'roach_c';

# We see that roach_c and roach_d still exist in our default privileges on our
# database descriptor.
query TT colnames
WITH t AS (
   SELECT json_array_elements(crdb_internal.pb_to_json('cockroach.sql.sqlbase.Descriptor', descriptor)
     -> 'database'
     -> 'defaultPrivileges'
     -> 'defaultPrivilegesPerRole') AS default_privs_per_role
   FROM system.descriptor
   WHERE id = (SELECT oid FROM pg_database WHERE datname = 'test2')
) SELECT
  default_privs_per_role->'defaultPrivilegesPerObject'->'1'->'users' AS grantees,
  default_privs_per_role->'explicitRole'->'userProto' AS role
 FROM t
ORDER BY role;
----
grantees                                                                                  role
[{"privileges": "32", "userProto": "foo"}, {"privileges": "32", "userProto": "roach_a"}]  NULL
[{"privileges": "32", "userProto": "roach_a"}]                                            "roach_b"
[{"privileges": "32", "userProto": "roach_d"}]                                            "roach_c"
[{"privileges": "32", "userProto": "roach_b"}]                                            "roach_d"
[{"privileges": "1032", "userProto": "foo", "withGrantOption": "1032"}]                   "root"

# Invalidate the role membership cache (validation uses the cache).
statement ok
CREATE ROLE invalidate;

query TTTT colnames
SELECT database_name, schema_name, obj_name, error FROM crdb_internal.invalid_objects
ORDER BY schema_name;
----
database_name  schema_name  obj_name  error
test2          ·            ·         a default privilege exists for a role "roach_a" that doesn't exist
test2          public       ·         a default privilege exists for a role "roach_a" that doesn't exist

query TT colnames
SELECT name, corruption FROM crdb_internal.kv_repairable_catalog_corruptions
ORDER BY name;
----
name    corruption
public  descriptor
test2   descriptor

statement ok
SELECT crdb_internal.repair_catalog_corruption(id, corruption) FROM "".crdb_internal.kv_repairable_catalog_corruptions;

query I
SELECT count(*) FROM crdb_internal.invalid_objects;
----
0

# Our default privileges are now properly cleaned up.
query TT colnames
WITH t AS (
   SELECT json_array_elements(crdb_internal.pb_to_json('cockroach.sql.sqlbase.Descriptor', descriptor)
     -> 'database'
     -> 'defaultPrivileges'
     -> 'defaultPrivilegesPerRole') AS default_privs_per_role
   FROM system.descriptor
   WHERE id = (SELECT oid FROM pg_database WHERE datname = 'test2')
) SELECT
  default_privs_per_role->'defaultPrivilegesPerObject'->'1'->'users' AS grantees,
  default_privs_per_role->'explicitRole'->'userProto' AS role
 FROM t
ORDER BY role;
----
grantees                                                                 role
[{"privileges": "32", "userProto": "foo"}]                               NULL
[{"privileges": "1032", "userProto": "foo", "withGrantOption": "1032"}]  "root"

subtest end
