I have a problem with a select in postgres. Create a db with a new user but in pg admin when applying a query within the program it returns me
ERROR: permission denied for table users
Apply a query to give privileges with:
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO someuser;
as well as a query to give privileges to the table but nothing: /
Related
I am running this command
gcloud sql import sql db1 gs://mybucket/sqldumpfile.gz --database=mydb1
to import a database snapshot into a new database. Before running it, I recreated the same users I had in the source database, using Cloud Console. However, I keep on getting this error:
ERROR: must be member of role "postgres"
STATEMENT: ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public GRANT SELECT ON TABLES TO user1;
I am not sure what to do and which user must be "member of role postgres".
Any advice is appreciated
To grant default privileges for user2, use the FOR ROLE clause:
ALTER DEFAULT PRIVILEGES FOR USER <user-1> IN SCHEMA <user-1> GRANT INSERT, UPDATE, DELETE ON TABLES TO <user-2>;
ALTER DEFAULT PRIVILEGES FOR USER <user-1> IN SCHEMA <user-1> GRANT SELECT ON TABLES TO <user-2>;
You need to grant the rights from the user-1 which is creating the table, So whenever the user-1 creates a table, it will grant the SELECT rights for the user-2.
For more information refer to this document.
I'm trying to achieve the following:
I have user1 which is created.
This user1 has databases user1_db1, user1_db2 , user1_db3
When I grant the owner of user1 to all the databases, I am able to do everything with them,except if I create user1_user1 , grant All access ( without the owner ) to user1_db. Then user1_user1 will throw errors like :
user1_user1=> ALTER DATABASE "user1_dbl" SET bytea_output = 'escape';
ERROR: must be owner of database user1_db1
What I need is a special user ( in this case user1_user1 ) to be able to do everything with the database that all access have been granted and is still visible in phppgadmin ( when $conf['owned_only'] = true; is set ) when logged with user1 , or if needed I can create a special user for PHPpgAdmin but must view the databases that are with prefix user1 only.
Maybe my approach is not proper so please let me know how can I achieve this.
The goal is to have 1 user , able to access/modify all those databases and in the same scenario , user1_user1 is able to do the same but not accessing phppgadmin. The limitation that I am seeing is the ownership only and I am not able to bypass it...
Thank you for your advices!
You can use the same user for all of the databases, but you will need to give that user access to each database. You can do that by running the following SQL:
GRANT ALL PRIVILEGES ON DATABASE user1_db1 TO user1_user1; GRANT ALL PRIVILEGES ON DATABASE user1_db2 TO user1_user1; GRANT ALL PRIVILEGES ON DATABASE user1_db3 TO user1_user1;
You can also give the user access to all databases by running the following SQL:
GRANT ALL PRIVILEGES ON ALL DATABASES TO user1_user1;
You can also give the user access to all tables in a database by running the following SQL:
GRANT ALL PRIVILEGES ON user1_db1.* TO user1_user1;
You can also give the user access to all tables in all databases by running the following SQL:
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO user1_user1;
You can also give the user access to all sequences in a database by running the following SQL:
GRANT ALL PRIVILEGES ON user1_db1 TO user1_user1;
You can also give the user access to all sequences in all databases by running the following SQL:
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO user1_user1;
You can also give the user access to all functions in a database by running the following SQL:
GRANT ALL PRIVILEGES ON user1_db1 TO user1_user1;
You can also give the user access to all functions in all databases by running the following SQL:
GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public TO user1_user1;
You can also give the user access to all types in a database by running the following SQL:
GRANT ALL PRIVILEGES ON user1_db1 TO user1_user1;
You can also give the user access to all types in all databases by running the following SQL:
GRANT ALL PRIVILEGES ON ALL TYPES IN SCHEMA public TO user1_user1;
You can also give the user access to all operators in a database by running the following SQL:
GROMySQL: How to grant all privileges on all databases and tables to a user?
The best way to do this is to use the GRANT ALL PRIVILEGES ON . TO 'user'#'localhost' syntax.
GRANT ALL PRIVILEGES ON *.* TO 'user'#'localhost' IDENTIFIED BY 'password';
This will give the user all privileges on all databases and tables.
I finally made it work with the memberships :
postgres=# \du
List of roles
Role name | Attributes | Member of
-------------------+------------------------------------------------------------+---------------------
user1 | | {user1_pgsqluser}
user1_pgsqluser | | {}
This can be granted as follow :
psql -U postgres -c 'grant $dbuser to $user;'
I've successfully setup pgHero using the permissions guide here.
Everything is working, including historical query stats, except for the ability run analyze on queries that it shows are slow.
I get PG::InsufficientPrivilege: ERROR: permission denied for table <tableName>
How can I grant permission to analyze to the pghero user?
Turns out this is as simple as granting SELECT (and whatever other) privileges to the pghero user like so:
# Grant select access for all current tables
GRANT SELECT ON ALL TABLES IN SCHEMA public TO pghero;
# For all future tables
ALTER DEFAULT PRIVILEGES FOR ROLE <main-user> IN SCHEMA public GRANT SELECT ON TABLES TO pghero;
If you use Hibernate to create tables, those tables are inaccessible to other users (they are owned by cloudsqladmin). All attempts to GRANT permission to other users have failed, so when I'm accessing it via shell or GUI using the only credentials I have (the non-cloudsqladmin users), they have no access to these tables other than to list the columns in the table.
Through IAM I have granted the service account access to all permissions.
eg. logged in as the postgres user:
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO postgres;
ERROR: permission denied for relation mytable
GRANT SELECT ON post to postgres;
ERROR: permission denied for relation mytable
ALTER TABLE public.mytable OWNER to postgres;
ERROR: must be owner of relation mytable
I would like to note that the postgres user is able to fully manipulate tables that were not created with hibernate, and hibernate is able to fully manipulate the data, just not the other users I created.
So the final solution was painfully simple. Simply:
GRANT user_you_authed_in_java TO user_you_want_to_use;
How does privileges for new relations in PostgreSQL work?
Steps:
Create DB (from user postgres) and connect to it
CREATE DATABASE test;
\c test
Create user site with some privileges
CREATE USER site NOCREATEDB NOINHERIT;
GRANT SELECT, UPDATE, INSERT, DELETE, TRUNCATE, REFERENCES ON ALL TABLES IN SCHEMA public TO site;
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO site;
Change default privileges for user site
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, UPDATE, INSERT, DELETE, TRUNCATE, REFERENCES ON TABLES TO site;
Create user migration with all privileges
CREATE USER migration NOCREATEDB NOINHERIT;
GRANT ALL PRIVILEGES ON DATABASE test TO migration;
Connect to DB from user migration and create table
CREATE TABLE test (id serial);
Connect to DB from user site and select data from created table
SELECT * FROM test;
ERROR: permission denied for relation test
But if I create table from user postgres, all work fine!
Why default privileges didn't work in this case? How can I grant permissions for new tables for user site?
ALTER DEFAULT PRIVILEGES only affects objects created by the user specified in the FOR ROLE clause. If you omit this clause, it only applies to the user running the command (in your case, postgres).
You want ALTER DEFAULT PRIVILEGES FOR USER migration ... instead.