Problems adding user to database in postgreSQL - postgresql

With the postgres user, I can select the table users from the production database.
sudo -u postgres psql
\c production
You are now connected to database "production" as user "postgres".
select * from users;
....the server lists the content of the table...
The problem I have is that if I create a new user and grant access to the users, the new user cannot select it.
More especifically, I create a new user myuser and add all the privileges to the production database and to the public schema.
CREATE USER myuser WITH PASSWORD '12345678';
GRANT ALL PRIVILEGES ON DATABASE production to myuser;
GRANT
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO myuser;
GRANT
Then, I quit, log in with the new created user myuser, and choose the production database.
\q
psql -h localhost -p 5432 -d production -U myuser
\c production
But, when I try to select table users, I don't have permissions.
What's the problem?
select * from users;
ERROR: permission denied for relation users
Any help is much appreciated.

Related

Permission denied to drop objects

Running drop owned by <username>; gives me ERROR: permission denied to drop objects. I can login/create/insert/update/alter etc fine.
Created the db and role like so:
sudo psql -U postgres
CREATE USER <username> WITH PASSWORD '<password>';
CREATE DATABASE <dbname> OWNER <username> ;
Looking up the problem, these are some of the things I ran that did not solve the issue:
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO <username>;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO <username>;
GRANT ALL PRIVILEGES ON DATABASE <dbname> to <username>;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO <username>;
Only the owner, or a superuser, can drop an object. There is no privilege which allows dropping of an object, hence this is not something which can be granted to others.

how to get pg_dump to include create user command

I need to create a dump of all the commands below.
test=> create user rdstest login password 'rdstest';
CREATE ROLE
test=> grant connect on database test to rdstest;
GRANT
test=> create user devadmin login password 'devtest';
CREATE ROLE
test=> grant connect on database test to devadmin;
GRANT
test=> grant rdstest to devadmin with admin option;
GRANT ROLE
test=> grant rdstest to devadmin;
GRANT ROLE
test=> create schema authorization rdstest;
CREATE SCHEMA
when i tried to create it using pg_dump
as pg_dump -U devadmin -h ****xxx.rds.amazonaws.com test > Outfile.sql
I can only see the schema related commands
CREATE SCHEMA rdstest;
ALTER SCHEMA rdstest OWNER TO rdstest;
How to get pg_dump to include all the commands:create user command,grant connect on database test to rdstest etc.
pg_dump can not do that, because pg_dump only dumps a single database and that information is not part of one database, but stored globally in the Postgres "cluster".
You need to use pg_dumpall for that, using the --globals-only option:
pg_dumpall --globals-only --file=globals.sql

Unable to add Postgres user to existing readonly role

I'm attempting to add a new user "svcUatOlapEdw" to an existing RHEL 7 server running PSQL 9.4.
Using inet authentication (after su - postgres) and working from a PSQL prompt as follows:
-bash-4.2$ psql
psql (9.4.6)
Type "help" for help.
postgres=#
The commands I successfully executed were:
CREATE USER svcUatOlapEdw
GRANT readonly to svcUatOlapEdw
However, when attempting to connect from a client, I'm getting:
-bash-4.1$ psql -h myserver -d postgres -U svcUatOlapEdw -W
Password for user svcUatOlapEdw:
psql: FATAL: role "svcUatOlapEdw" does not exist
I'm not sure what I'm doing wrong here - any help would be appreciated.
Additionally, I also tried:
CREATE ROLE svcUatOlapEdw
which didn't resolve the issue either.
Thanks
Unquoted identifiers are folded to lower case in Postgres. So CREATE USER svcUatOlapEdw creates a user with the name svcuatolapedw. Any identifier you pass through SQL statements is also folded to lower case, that's why GRANT readonly to svcUatOlapEdw works (it's executed as GRANT readonly to svcuatolapedw).
However, psql passes the user name "as-is" and tries to log on with a user named "svcUatOlapEdw". You need to pass the username in lower case:
psql -h myserver -d postgres -U svcuatolapedw -W
Edit
If you want to create a user with upper/lower case name you have to use a quoted identifier:
CREATE USER "svcUatOlapEdw";
GRANT readonly to "svcUatOlapEdw";
sudo -u postgres psql
CREATE ROLE read_only_user WITH LOGIN PASSWORD 'StrongPass123123123' NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION VALID UNTIL 'infinity';
GRANT CONNECT ON DATABASE "yourdatabase" TO read_only_user;
GRANT USAGE ON SCHEMA public TO read_only_user;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO read_only_user;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO read_only_user;
It works on Psql 14, Ubuntu 18

Postgres user permission is not working

I have created a Postgres user user1, and granted all permission to my_db, when I try to select a table from the database, I'm getting a permission denied error.
Create user1
>>zya$ psql -d postgres
psql (9.6.3)
Type "help" for help.
postgres=# CREATE USER user1 WITH PASSWORD 'password1';
CREATE ROLE
postgres=# GRANT ALL PRIVILEGES ON DATABASE my_db to user1;
GRANT
postgres=# \q
Login as user1
>>zya$ psql -d my_db --username=user1
psql (9.6.3)
Type "help" for help.
my_db=> SELECT DISTINCT name FROM user_tbl order by id;
ERROR: permission denied for relation user_tbl
ALTER DATABASE name OWNER TO new_owner;
you have to change database my_db owner to your username user1
I know this might be late but what you might want to do is to assign
This is from my trials and I was able to fix similar issue. It seems you have to set similar privileges to tables function and sequences like shown below
GRANT ALL PRIVILEGES ON DATABASE yourdb TO yourusr;
GRANT ALL ON ALL TABLES IN SCHEMA your_schema TO yourusr;
GRANT ALL ON ALL SEQUENCES IN SCHEMA your_schema TO yourusr;
GRANT ALL ON ALL FUNCTIONS IN SCHEMA your_schema TO yourusr;

Postgres owner needs usage and select permission separately?

Here is what I did:
Create user:
CREATE USER user1 WITH PASSWORD 'userpass';
Create database with owner:
createdb -U postgres database1 -O user1
But the user user1 cannot run select statements. I have to do:
GRANT SELECT ON ALL TABLES IN SCHEMA public TO user1;
GRANT USAGE ON SCHEMA public TO user1;
Why it is happening so? Any way to grant all privileges including select to user while creating database. Is owner doesn't mean he can run select queries? How to simplify this? Thanks.