I'm attempting to add a new user "svcUatOlapEdw" to an existing RHEL 7 server running PSQL 9.4.
Using inet authentication (after su - postgres) and working from a PSQL prompt as follows:
-bash-4.2$ psql
psql (9.4.6)
Type "help" for help.
postgres=#
The commands I successfully executed were:
CREATE USER svcUatOlapEdw
GRANT readonly to svcUatOlapEdw
However, when attempting to connect from a client, I'm getting:
-bash-4.1$ psql -h myserver -d postgres -U svcUatOlapEdw -W
Password for user svcUatOlapEdw:
psql: FATAL: role "svcUatOlapEdw" does not exist
I'm not sure what I'm doing wrong here - any help would be appreciated.
Additionally, I also tried:
CREATE ROLE svcUatOlapEdw
which didn't resolve the issue either.
Thanks
Unquoted identifiers are folded to lower case in Postgres. So CREATE USER svcUatOlapEdw creates a user with the name svcuatolapedw. Any identifier you pass through SQL statements is also folded to lower case, that's why GRANT readonly to svcUatOlapEdw works (it's executed as GRANT readonly to svcuatolapedw).
However, psql passes the user name "as-is" and tries to log on with a user named "svcUatOlapEdw". You need to pass the username in lower case:
psql -h myserver -d postgres -U svcuatolapedw -W
Edit
If you want to create a user with upper/lower case name you have to use a quoted identifier:
CREATE USER "svcUatOlapEdw";
GRANT readonly to "svcUatOlapEdw";
sudo -u postgres psql
CREATE ROLE read_only_user WITH LOGIN PASSWORD 'StrongPass123123123' NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION VALID UNTIL 'infinity';
GRANT CONNECT ON DATABASE "yourdatabase" TO read_only_user;
GRANT USAGE ON SCHEMA public TO read_only_user;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO read_only_user;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO read_only_user;
It works on Psql 14, Ubuntu 18
Related
With the postgres user, I can select the table users from the production database.
sudo -u postgres psql
\c production
You are now connected to database "production" as user "postgres".
select * from users;
....the server lists the content of the table...
The problem I have is that if I create a new user and grant access to the users, the new user cannot select it.
More especifically, I create a new user myuser and add all the privileges to the production database and to the public schema.
CREATE USER myuser WITH PASSWORD '12345678';
GRANT ALL PRIVILEGES ON DATABASE production to myuser;
GRANT
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO myuser;
GRANT
Then, I quit, log in with the new created user myuser, and choose the production database.
\q
psql -h localhost -p 5432 -d production -U myuser
\c production
But, when I try to select table users, I don't have permissions.
What's the problem?
select * from users;
ERROR: permission denied for relation users
Any help is much appreciated.
If I create a user logged in as postgres to the root db and create a user... it doesn't work. What am I doing wrong?
postgres=> CREATE ROLE myUser WITH LOGIN PASSWORD 'xxx';
CREATE ROLE
postgres=> GRANT CONNECT ON DATABASE myDatabase TO myUser;
GRANT
postgres=> GRANT USAGE ON SCHEMA public to myUser;
GRANT
postgres=> GRANT SELECT ON ALL TABLES IN SCHEMA public TO myUser;
GRANT
When I go to authenticate I get an error.
psql -h $dbURL -U myUser myDatabase
FATAL: password authentication failed for user myUser
The user you created is "myuser", because case is ignored for SQL identifiers not within double quotes, and folded to lower case. But case is not ignored in command-line tools, so you are trying to log in as non-existent user "myUser". Since non-existent users don't have a password hash, password authentication must fail.
You might want to check if you have a .pgpass file present and inspect the environment variables to see if you have set a PGPASSWORD or PGPASSFILE. In any of these cases, psql will not prompt for the password and take it from the file or variable instead - and if what's there is incorrect, it will give you that exact error.
You can
unset the PGPASSWORD or PGPASSFILE variable
get rid of the .pgpass file
remove the entry corresponding to this connection from .pgpass file
correct the value of PGPASSFILE/PGPASSWORD variable or the contents of .pgpass file
use psql with a -W switch making it ignore other settings and always prompt for a password
alter the host-based authentication settings in pg_hba.conf file to change the authentication method or trust a certain type of connection
I am absolutely new to PostgreSQL. I have the following doubts:
I am able to login to postgresql using
sudo -u postgres psql postgres
I have created a test_db database and inside it a table called test_tbl. I have also created a user test and given it the below privileges:
GRANT CONNECT ON DATABASE test_db TO test;
GRANT SELECT, INSERT, UPDATE, DELETE ON test_tbl TO test;
How do I login to the test_db database as test user? I am only able to login as postgres. If I try login as test I get the below error-
ubuntu#ip-10-81-1-44:~$ psql -U test -d test_db
psql: FATAL: Peer authentication failed for user "test"
How can I encrypt a specific column in table test_tbl, just for user test and no other user?
You are not required to sudo change your user, you can specify that on connect using the -U flag, like so:
psql -U test -d test_db
this will try to connect you to the database test_db as user test and if a password is required you will be prompted, other flags such as host, port etc are listed here
https://www.postgresql.org/docs/current/app-psql.html
You will have to create an entry in pg_hba.conf that allows the user into the database. Don't forget to reload PostgreSQL.
Read the documentation about client authentication for more.
To encrypt a column, you need application code that does the encryption and decryption.
Perhaps you can get what you want with column privileges:
GRANT SELECT ON test_tbl TO test;
GRANT SELECT (col1, col2, ...) ON test_tbl TO PUBLIC;
Here you list all columns except the one you want to hide.
Then only user test can SELECT that column.
An alternative is to restrict SELECT to test only and provide to the others a view that shows everything except the hidden columns.
I am pretty much confused about root user,super user,user and permissions! I am not able to create a database inside user "athleticu". Following are the commands I used:-
athleticu#ip-172-30-4-103:/home/ubuntu$ createdb -T template0 simple_db1
createdb: database creation failed: ERROR: permission denied to create database
athleticu#ip-172-30-4-103:/home/ubuntu$ sudo createdb -T template0 simple_db1
sudo: unable to resolve host ip-172-30-4-103
createdb: could not connect to database template1: FATAL: role "root" does not exist
Please somebody clarify my doubts and tell me what should I write!
Hey I have already solved this. What you have to do is to first login as postgres user as follows:
$ su postgres
$ psql
postgres=# alter user athleticu createdb;
ALTER ROLE
Hope it helps you :)
Type \du in psql and you will see a list of all the registered users and what type of privileges each one has.
In order to grant privileges to the user which is logged in (eg 'user1'), I had to sign out and log in using one of the superuser roles in that list (eg. 'user2'), using the following command:
psql -U 'user2' -h localhost 'database2'
where 'database2' is the name of the one that specific superuser 'user2' has privileges to.
Once you are logged in as a superuser, you can grant privileges to 'user1' by:
ALTER ROLE user1 WITH CREATEDB
or
ALTER ROLE user1 WITH SUPERUSER
Then sign in again as user1, who is now a superuser.
This blog was helpful as well as this link.
Currently, this worked for me:
sudo su postgres
psql
ALTER USER username WITH CREATEDB;
\q
exit
The root user is an account on the system independent from Postgres. There is only one root user.
A superuser is an account in Postgres with access to everything. There may be many superusers.
System accounts and Postgres accounts are different things, although unless you specify a Postgres username when you connect to the database (through utilities like psql, createdb, dropdb, or otherwise), it will use the current system user's name in hopes that there is a corresponding Postgres account with the same name. The root user does not, by default, have a corresponding account in Postgres.
When you install Postgres on *nix, it creates both a superuser named postgres and a system user named postgres.
Therefore, when you need to do something with Postgres as the built-in superuser, you have two options:
You may sudo su - postgres to become the postgres system user and execute your command (createdb, psql, etc). Because the system user has the same name as the database superuser, your command will connect as the appropriate account.
You may specify the username to execute as with the -U switch, eg psql -U postgres ....
Depending on your Postgres server's authentication settings, you may be required to enter a password with either or both connection methods.
What you can do when you have fresh installation of PostgreSQL is create your user with some rights (see createuser documentation):
my-user> sudo su - postgres -c "createuser <my-user> --createdb"
This will allow my-user to create DBs just like so:
my-user> createdb <my-db>
If you want the my-user to be able to do anything just use the --superuser flag instead:
my-user> sudo su - postgres -c "createuser <my-user> --superuser"
I got the same error and I found out that the reason was that I was trying to create a database outside of psql as a user which did not exist for postgresql. I found out about it and solved it by taking the following steps:
In my terminal I logged in as postgres user (the root user by default for postgresql) by typing sudo -u postgres psql
While inside the psql I typed \du to see all users and their privileges. I found out that I had only one user (the postgres one) and I had to create another superuser which had the same username as my Linux user (george)
I typed (still inside psql) CREATE USER george SUPERUSER; and this way I created a new super user called george.
I exited psql (by typing \q) and I was now able from outside psql, meaning from my terminal, to run created db <database name> with no issues at all.
Error ? You are trying to perform database actions( Creating Database, creating Roles) using a user that doesn't have the permission for those types of actions you are trying to perform.
solution ? Simply login to your database on the command line, i.e for PostgreSQL one will use "sudo -u postgres psql", then confirm that users specific assigned roles using the command "\du", most probably he/she doesn't have the necessary permissions to perform the actions you wanted. Then simply assign the roles you want the user to perform ,i.e create Database or simply make user "Superuser" by following along(https://chartio.com/resources/tutorials/how-to-change-a-user-to-superuser-in-postgresql/)
I recently created a test database but I would like it to be accessible to all users.
I created the database as user postgres then use the command
GRANT ALL ON DATABASE dbname TO public;
But when I log out and try to connect to it with a different user I get this error
psql -d dbname
psql: FATAL: role "username" does not exist
I don't want to have to create a user for each person who will be accessing the database which is the reason i wanted to make it public. Is there a permission that I am still missing?
Although access to everybody (public) is granted, the user you connect with has to exist. The default for psql is the username of your system account. You can, of course, create a passwordless anonymous user everybody can use to connect:
psql -U anonymous dbname