We Keep Coding

How Do I Create an "Any Logged-In User" Policy With PostgreSQL Row-Level Security

I'm trying to create a policy that let's any logged-in user create a record in a "resources" table. I can create the policy just fine:
CREATE POLICY insert_resources
ON public.resources
FOR INSERT TO public_user WITH CHECK (
(NULLIF(CURRENT_SETTING('jwt.claims.person_id', true), '')) IS NOT NULL
)
However, I must be doing something wrong, because when I try to do an INSERT as a logged-in user, I get a "permission denied for table resources" aclcheck_error.
I'm pretty sure that's the only relevant policy, because when I run:
SELECT *
FROM pg_policies
WHERE tablename = 'resources'
AND cmd='INSERT';
... it's the only policy that shows up.
Can any PostgreSQL (row-level security) experts help explain what's wrong with my policy?

A "permission denied for table" error sounds like you didn't GRANT the INSERT privilege on that table to the public_user user.

Redshift : New table but Group members can't query

In Redshift I have a data_reader db group defined like this
CREATE GROUP data_reader;
GRANT USAGE ON SCHEMA reports TO GROUP data_reader;
GRANT SELECT ON ALL TABLES IN SCHEMA reports TO GROUP data_reader;
And I've noticed that whenever I create a new table, group members can't automatically query from the table. They get a Permission Denied error. Re-running
GRANT SELECT ON ALL TABLES IN SCHEMA reports TO GROUP data_reader;
Fixes the permission.
Is this just a quirk of Redshift or is there another way I should be defining my db groups?

This statement grants access only to already created tables:
GRANT SELECT ON ALL TABLES IN SCHEMA reports TO GROUP data_reader;
In order to grant access by default, you must setup default privileges:
GRANT USAGE ON SCHEMA reports TO group data_reader; --Most probably already granted
ALTER DEFAULT PRIVILEGES IN SCHEMA reports GRANT SELECT ON TABLES to group data_reader;
Now all new created tables will be granted to group for select.

Any GRANTS you provide are only for the existing tables/views. Anytime a new table is created, you need to explicitly provide the required permissions to users/groups. My suggestion is to probably include the appropriate grants statements in the DDL file.

Psql: permission denied to a specific user

I have created two different users on psql. With one of everythin works fine but whit the other I get the folliwing:
select * from public.document LIMIT 100;
ERROR: permission denied for relation document
And I did for both the same procedure

You need to give permission to all the users. Login using the user which created the tabled and then run the below script.
GRANT ALL ON document TO user_2;

Have access to table and function, but not the table within the function

I ran into a peculiar problem with my database that I haven't been able to solve since yesterday.
So I created a user that has access to the function "write_match_history()" and access to the table "match_history," and I can use this user to query match history as well as write to it directly using sql. However, when I try to run "write_match_history," I get the following error:
error: error: permission denied for relation match_history
Here are the accesses I've granted to this user:
drop OWNED by d_write;
drop user if exists d_write;
create user d_write with encrypted password 'supersecret';
grant execute on function write_match_history(a,b,c,d,e,f) to d_write;
grant usage on schema d to d_write;
grant insert on table d.match_history to d_write;
grant select on table d.match_history to d_write;
grant select on all SEQUENCES in SCHEME d to d_write;
grant insert on all tables in schema d to d_write;
grant select on all talbes in schema d to d_write;
These permissions are everything I've tried so far. Let me know if you need more information.
Thanks!

Well, what is the owner of the function write_match_history(a,b,c,d,e,f). Do it allow to insert/update on table match_history. If not, please try it. I think the problem is here.

how can we identified schema name in sybase ase 15.5?

I am trying to get schema name in sybase database.
First I have create login(user1) from sa user and than i have connect with user1 by giving login name(user1) and password now i have tried to create table by giving following command:-
create table user1.table1(
emp_id int not null,
name varchar(80) not null
)
but it was showing access denied error than i have logged-in from sa user and grant sa_role to user1 and then again i have run above mention query for create table and table were created successfully.
here I am not exactly getting that user1 is schema name or not or how can I identified schema name?
I want to also know that is there any role except sa_role for grant create insert delete table ,views and all other objects of sybase database.

Sybase ASE does not use the schema concept that SQL Server and Oracle use. Objects are located inside a database, and owned by a user - no other logical separations are there. So your syntax is wrong.
create table table1
(
emp_id int not null,
name varchar(80) not null
)
Sybase ASE Create Table
Additionally, Sybase/SAP best practices tells us all database objects should be created/owned by dbo with permissions granted to groups/roles/users to access those objects. Users who own database objects can not be removed, so if User1 gets fired, you will have to identify all the objects he owns, and change the ownership of those objects before his account can be deleted.
So for your example, the dbo user (typically sa) would create the objects, then GRANT permissions (INSERT/UPDATE/DELETE/etc) to the groups/roles/users who need access.
More information on managing user permissions can be found in the Sybase ASE System Administrators Guide Vol 1.
And more information about Roles/Groups from the System Admin Guide.