From 1ef5c91d74ddafca03e6dfb81040580fab0ea1cc Mon Sep 17 00:00:00 2001
From: Tobias Stenzel <ts@flyingcircus.io>
Date: Thu, 29 Jun 2023 18:33:15 +0200
Subject: [PATCH] postgresql docs: add warning about schema priv changes in 15

---
 doc/src/postgresql.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/doc/src/postgresql.md b/doc/src/postgresql.md
index 6ebd7d270..249eeb3a0 100644
--- a/doc/src/postgresql.md
+++ b/doc/src/postgresql.md
@@ -8,6 +8,27 @@ Managed instance of the [PostgreSQL](http://postgresql.org) database server.
 
 - PostgreSQL server (versions 11, 12, 13, 14, 15)
 
+:::{warning}
+
+PostgreSQL 15 changed schema permission handling for new databases. Before,
+users that had `ALL` privileges for a database also were able to create tables and
+other objects in the `public` schema. Now, the `CREATE` privilege has to be
+granted explicitly for the schema.
+
+This also means that setting up permissions by using the NixOS option
+`services.postgresql.ensureUsers.*.ensurePermissions` is not enough if the user
+needs to create tables. NixOS doesn't support setting permissions on a schema, yet.
+
+To grant `CREATE` privilege to user `test` using SQL, execute:
+
+~~~sql
+GRANT CREATE ON SCHEMA public TO test;
+~~~
+
+See [Schemas and Privileges](https://www.postgresql.org/docs/15/ddl-schemas.html#DDL-SCHEMAS-PRIV)
+in the PostgreSQL documentation for more information.
+:::
+
 ## Configuration
 
 Managed PostgreSQL instances already have a production-grade configuration with