By if __name__ is None


2013-11-25 17:08:36 8 Comments

I have ran the following SQL in psql:

CREATE USER bspu LOGIN;

CREATE DATABASE bsp OWNER bspu;

GRANT ALL PRIVILEGES ON DATABASE bsp TO bspu;

\c bsp

CREATE TABLE users (
  id SERIAL PRIMARY KEY,
  client_id VARCHAR(20) NOT NULL,
  api_key VARCHAR(100) NOT NULL,
  api_secret VARCHAR(100) NOT NULL,
  auth_token VARCHAR(128) NOT NULL
);

When I login as bspu, and try to query the users table, I get the error:

permission denied for relation users

I tried running:

ALTER DEFAULT PRIVILEGES GRANT ALL ON TABLES TO bspu;

But it doesn't help. What am I doing wrong? Why does database owner NOT have permissions to query its own database?

EDIT: I upgraded bspu to superuser for now, so I can continue work. Any further guidance appreciated.

2 comments

@Srinu Mareti 2020-02-06 23:26:39

This is working for me after some research. psql (9.6.12)

-- login to postgres database server as postgres user.
ssh <user>>@hostname.<domain>>.com
sudo su postgres
id
psql
postgres=# create user sentry_read with login password 'sentry_read';
postgres=# du+
postgres=# \l+
-- **very important: make sure we should connect required database before we grant to user.**
postgres=# \c sentry
postgres=# \dt
sentry=# \dp SENTRY_VERSION
sentry=# select * from "SENTRY_VERSION";
sentry=# GRANT SELECT ON ALL TABLES IN SCHEMA public TO sentry_read;
postgres=# \q

[[email protected] ~]$ psql -U sentry_read -d sentry -h hostname.<domain>>.com -W
sentry=> select * from "SENTRY_VERSION";

@Erwin Brandstetter 2013-11-26 00:48:32

DEFAULT PRIVILEGES do not change permissions for existing objects. They are the default privileges for newly created objects and only for the particular role they belong to. If you do not define the role when running ALTER DEFAULT PRIVILEGES, it defaults to the current role (when executing the ALTER DEFAULT PRIVILEGES statement.

Also, since you are using a serial column, which creates a SEQUENCE, you'll want to set default privileges for sequences as well.

Run this on the user you create objects with, before you run the CREATE command:

ALTER DEFAULT PRIVILEGES [ FOR ROLE my_create_role] GRANT ALL ON TABLES TO bspu;
ALTER DEFAULT PRIVILEGES [ FOR ROLE my_create_role] GRANT ALL ON SEQUENCES TO bspu;

If you should use pgAdmin, a word of caution. There is a bug in the current version 1.20 (or older) in the display of the reverse engineered SQL script for DEFAULT PRIVILEGES. The display ignores the owning user and is therefore incorrect in certain situations. I reported the bug, the matter is pending.

For existing objects you may also be interested in this "batch" form of the GRANT command:

GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO bspu;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO bspu;

More under this related question on SO:

@dpprdan 2020-02-24 16:50:35

The bug mentioned still persists in pgAdmin4, see redmine.postgresql.org/issues/4685, which has been flagged as a duplicate of redmine.postgresql.org/issues/4256

Related Questions

Sponsored Content

1 Answered Questions

[SOLVED] Adding new user in Postgres

1 Answered Questions

[SOLVED] postgres: "alter default privileges" issue

  • 2016-08-02 20:39:55
  • MarkTeehan
  • 605 View
  • 1 Score
  • 1 Answer
  • Tags:   postgresql

1 Answered Questions

2 Answered Questions

[SOLVED] Privileges for database owner; application user

2 Answered Questions

[SOLVED] PostgreSQL CREATE TABLE creates with incorrect owner

2 Answered Questions

[SOLVED] Problem with permissions for user

  • 2012-09-16 12:25:30
  • wookie1
  • 9915 View
  • 7 Score
  • 2 Answer
  • Tags:   postgresql role

Sponsored Content