Обсуждение: User granted all access to schema, but can't see tables
This is v12 from RHEL repos. As user postgres, I run: sides=# grant all on SCHEMA strans TO stransuser; GRANT sides=# ALTER DEFAULT PRIVILEGES IN SCHEMA strans GRANT all on tables to stransuser; ALTER DEFAULT PRIVILEGES sides=# GRANT USAGE ON SCHEMA strans TO stransuser; GRANT But user stransuser still can’t access tables sides=> \d List of relations Schema | Name | Type | Owner --------+------------+----------+---------- strans | foo | table | postgres strans | foo_id_seq | sequence | postgres (2 rows) sides=> select * from strans.foo; ERROR: permission denied for table foo sides=> \z strans.foo Access privileges Schema | Name | Type | Access privileges | Column privileges | Policies --------+------+-------+---------------------------+-------------------+---------- strans | foo | table | postgres=arwdDxt/postgres+| | | | | READWRITE=arwdD/postgres +| | | | | READONLY=r/postgres | | (1 row) What am I missing? -- Angular momentum makes the world go 'round.
Does the stansuser have connect privileges to the actual database where the schema and tables are? GRANT connect ON DATABASE <stans_whatever> TO stansuser; Note that since you didn’t tell us what the database name is here, you’ll need to substitute the actual name of it whereI indicated <stans_whatever>. — Jay Sent from my iPad > On Dec 18, 2020, at 7:07 AM, Ron <ronljohnsonjr@gmail.com> wrote: > > This is v12 from RHEL repos. > > As user postgres, I run: > > sides=# grant all on SCHEMA strans TO stransuser; > GRANT > > sides=# ALTER DEFAULT PRIVILEGES IN SCHEMA strans GRANT all on tables to stransuser; > ALTER DEFAULT PRIVILEGES > > sides=# GRANT USAGE ON SCHEMA strans TO stransuser; > GRANT > > But user stransuser still can’t access tables > > sides=> \d > List of relations > Schema | Name | Type | Owner > --------+------------+----------+---------- > strans | foo | table | postgres > strans | foo_id_seq | sequence | postgres > (2 rows) > > sides=> select * from strans.foo; > ERROR: permission denied for table foo > > sides=> \z strans.foo > Access privileges > Schema | Name | Type | Access privileges | Column privileges | Policies > --------+------+-------+---------------------------+-------------------+---------- > strans | foo | table | postgres=arwdDxt/postgres+| | > | | | READWRITE=arwdD/postgres +| | > | | | READONLY=r/postgres | | > (1 row) > > What am I missing? > > -- > Angular momentum makes the world go 'round. > >
The database name is "sides", as show in the psql prompt. User "stransuser" can connect to the database as shown below when it tries to query tables but gets "permission denied". On 12/18/20 6:26 AM, John Scalia wrote: > Does the stansuser have connect privileges to the actual database where the schema and tables are? > > GRANT connect ON DATABASE <stans_whatever> TO stansuser; > > Note that since you didn’t tell us what the database name is here, you’ll need to substitute the actual name of it whereI indicated <stans_whatever>. > — > Jay > > Sent from my iPad > >> On Dec 18, 2020, at 7:07 AM, Ron <ronljohnsonjr@gmail.com> wrote: >> >> This is v12 from RHEL repos. >> >> As user postgres, I run: >> >> sides=# grant all on SCHEMA strans TO stransuser; >> GRANT >> >> sides=# ALTER DEFAULT PRIVILEGES IN SCHEMA strans GRANT all on tables to stransuser; >> ALTER DEFAULT PRIVILEGES >> >> sides=# GRANT USAGE ON SCHEMA strans TO stransuser; >> GRANT >> >> But user stransuser still can’t access tables >> >> sides=> \d >> List of relations >> Schema | Name | Type | Owner >> --------+------------+----------+---------- >> strans | foo | table | postgres >> strans | foo_id_seq | sequence | postgres >> (2 rows) >> >> sides=> select * from strans.foo; >> ERROR: permission denied for table foo >> >> sides=> \z strans.foo >> Access privileges >> Schema | Name | Type | Access privileges | Column privileges | Policies >> --------+------+-------+---------------------------+-------------------+---------- >> strans | foo | table | postgres=arwdDxt/postgres+| | >> | | | READWRITE=arwdD/postgres +| | >> | | | READONLY=r/postgres | | >> (1 row) >> >> What am I missing? >> >> -- >> Angular momentum makes the world go 'round. >> >> -- Angular momentum makes the world go 'round.
Try doing a \dpp <table_name> and see if the table contains a line for the stansuser. Perhaps there was a problem with thedefault privileges. Oh, and case you didn’t know this, newly set default privileges only effect an object created afterthe fact, they do not alter privileges for any existing object. Sent from my iPad > On Dec 18, 2020, at 7:57 AM, Ron <ronljohnsonjr@gmail.com> wrote: > > The database name is "sides", as show in the psql prompt. User "stransuser" can connect to the database as shown belowwhen it tries to query tables but gets "permission denied". > >> On 12/18/20 6:26 AM, John Scalia wrote: >> Does the stansuser have connect privileges to the actual database where the schema and tables are? >> >> GRANT connect ON DATABASE <stans_whatever> TO stansuser; >> >> Note that since you didn’t tell us what the database name is here, you’ll need to substitute the actual name of it whereI indicated <stans_whatever>. >> — >> Jay >> >> Sent from my iPad >> >>>> On Dec 18, 2020, at 7:07 AM, Ron <ronljohnsonjr@gmail.com> wrote: >>> >>> This is v12 from RHEL repos. >>> >>> As user postgres, I run: >>> >>> sides=# grant all on SCHEMA strans TO stransuser; >>> GRANT >>> >>> sides=# ALTER DEFAULT PRIVILEGES IN SCHEMA strans GRANT all on tables to stransuser; >>> ALTER DEFAULT PRIVILEGES >>> >>> sides=# GRANT USAGE ON SCHEMA strans TO stransuser; >>> GRANT >>> >>> But user stransuser still can’t access tables >>> >>> sides=> \d >>> List of relations >>> Schema | Name | Type | Owner >>> --------+------------+----------+---------- >>> strans | foo | table | postgres >>> strans | foo_id_seq | sequence | postgres >>> (2 rows) >>> >>> sides=> select * from strans.foo; >>> ERROR: permission denied for table foo >>> >>> sides=> \z strans.foo >>> Access privileges >>> Schema | Name | Type | Access privileges | Column privileges | Policies >>> --------+------+-------+---------------------------+-------------------+---------- >>> strans | foo | table | postgres=arwdDxt/postgres+| | >>> | | | READWRITE=arwdD/postgres +| | >>> | | | READONLY=r/postgres | | >>> (1 row) >>> >>> What am I missing? >>> >>> -- >>> Angular momentum makes the world go 'round. >>> >>> > > -- > Angular momentum makes the world go 'round. > >
If you want to grant the privileges after the tables have created, do: GRANT ALL ON ALL TABLES IN SCHEMA strans TO stransuser; -----Original Message----- From: John Scalia <jayknowsunix@gmail.com> Sent: perjantai 18. joulukuuta 2020 15.06 To: Ron <ronljohnsonjr@gmail.com> Cc: pgsql-admin <pgsql-admin@postgresql.org> Subject: Re: User granted all access to schema, but can't see tables Try doing a \dpp <table_name> and see if the table contains a line for the stansuser. Perhaps there was a problem with thedefault privileges. Oh, and case you didn’t know this, newly set default privileges only effect an object created afterthe fact, they do not alter privileges for any existing object. Sent from my iPad > On Dec 18, 2020, at 7:57 AM, Ron <ronljohnsonjr@gmail.com> wrote: > > The database name is "sides", as show in the psql prompt. User "stransuser" can connect to the database as shown belowwhen it tries to query tables but gets "permission denied". > >> On 12/18/20 6:26 AM, John Scalia wrote: >> Does the stansuser have connect privileges to the actual database where the schema and tables are? >> >> GRANT connect ON DATABASE <stans_whatever> TO stansuser; >> >> Note that since you didn’t tell us what the database name is here, you’ll need to substitute the actual name of it whereI indicated <stans_whatever>. >> — >> Jay >> >> Sent from my iPad >> >>>> On Dec 18, 2020, at 7:07 AM, Ron <ronljohnsonjr@gmail.com> wrote: >>> >>> This is v12 from RHEL repos. >>> >>> As user postgres, I run: >>> >>> sides=# grant all on SCHEMA strans TO stransuser; GRANT >>> >>> sides=# ALTER DEFAULT PRIVILEGES IN SCHEMA strans GRANT all on >>> tables to stransuser; ALTER DEFAULT PRIVILEGES >>> >>> sides=# GRANT USAGE ON SCHEMA strans TO stransuser; GRANT >>> >>> But user stransuser still can’t access tables >>> >>> sides=> \d >>> List of relations >>> Schema | Name | Type | Owner >>> --------+------------+----------+---------- >>> strans | foo | table | postgres >>> strans | foo_id_seq | sequence | postgres >>> (2 rows) >>> >>> sides=> select * from strans.foo; >>> ERROR: permission denied for table foo >>> >>> sides=> \z strans.foo >>> Access privileges >>> Schema | Name | Type | Access privileges | Column privileges | Policies >>> --------+------+-------+---------------------------+-------------------+---------- >>> strans | foo | table | postgres=arwdDxt/postgres+| | >>> | | | READWRITE=arwdD/postgres +| | >>> | | | READONLY=r/postgres | | >>> (1 row) >>> >>> What am I missing? >>> >>> -- >>> Angular momentum makes the world go 'round. >>> >>> > > -- > Angular momentum makes the world go 'round. > >