Amazon Redshift Grants - New table can't be accessed even though user has grants to all tables in schema

Question

I have a bit of a funny situation in Amazon Redshift where I have a user X who has grant select on all tables in schema public, but once a new table is created, this grant doesn

Answer 1

This is a normal behavior. Only the object owner/superuser have permission to use the object by default.

http://docs.aws.amazon.com/redshift/latest/dg/r_Privileges.html

You can add grant command to your create table statement and grant needed privileges for the user.

Answer 2

When we first spotted new tables not appearing in our reporting tool, I discovered a quick workaround is to re-execute the following SQL statement for the groups/users impacted:

ALTER DEFAULT PRIVILEGES IN SCHEMA <SCHEMANAME> GRANT SELECT ON TABLES TO GROUP <USER/GROUPNAME>;

Answer 3

Executing the following command as super user (master):

alter default privileges 
  for user staging_user 
  in schema staging 
  grant select on tables 
  to reporting_user;

will allow reporting_user to select data from all future tables created by staging_user in schema staging.

Answer 4

In Redshift tables and views do not automatically inherit the permissions of their parent schema. Your newly created tables are only accessible to the user who created them, and the superuser.

In a recent patch to Redshift a new feature to grant default privileges was implemented that addresses this issue.

Alter Default Privileges

The following code snippet will grant select privileges only for all future tables in the sales schema to the sales_admin group. If you want this to apply to existing tables in a schema you will need to combine it with a second grant statement.

alter default privileges in schema sales grant select on tables to group sales_admin;