I am running this command
gcloud sql import sql db1 gs://mybucket/sqldumpfile.gz --database=mydb1
to import a database snapshot into a new database. Before running it, I recreated the same users I had in the source database, using Cloud Console. However, I keep on getting this error:
ERROR: must be member of role "postgres"
STATEMENT: ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public GRANT SELECT ON TABLES TO user1;
I am not sure what to do and which user must be "member of role postgres".
Any advice is appreciated
To grant default privileges for user2, use the FOR ROLE clause:
ALTER DEFAULT PRIVILEGES FOR USER <user-1> IN SCHEMA <user-1> GRANT INSERT, UPDATE, DELETE ON TABLES TO <user-2>;
ALTER DEFAULT PRIVILEGES FOR USER <user-1> IN SCHEMA <user-1> GRANT SELECT ON TABLES TO <user-2>;
You need to grant the rights from the user-1 which is creating the table, So whenever the user-1 creates a table, it will grant the SELECT rights for the user-2.
For more information refer to this document.
I'm trying to create a user with read-only permission in Postgres on AWS.
CREATE USER readonly_username WITH PASSWORD 'password';
GRANT USAGE ON SCHEMA public to readonly_username;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readonly_username;
After that i gave SELECT permission new tables:
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readonly_username;
But when i try to give permission to existing tables i got an error:
GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly_username;
ERROR: permission denied for relation admin_log
Can anyone help me?
If you use Hibernate to create tables, those tables are inaccessible to other users (they are owned by cloudsqladmin). All attempts to GRANT permission to other users have failed, so when I'm accessing it via shell or GUI using the only credentials I have (the non-cloudsqladmin users), they have no access to these tables other than to list the columns in the table.
Through IAM I have granted the service account access to all permissions.
eg. logged in as the postgres user:
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO postgres;
ERROR: permission denied for relation mytable
GRANT SELECT ON post to postgres;
ERROR: permission denied for relation mytable
ALTER TABLE public.mytable OWNER to postgres;
ERROR: must be owner of relation mytable
I would like to note that the postgres user is able to fully manipulate tables that were not created with hibernate, and hibernate is able to fully manipulate the data, just not the other users I created.
So the final solution was painfully simple. Simply:
GRANT user_you_authed_in_java TO user_you_want_to_use;
I entered postgres console with sudo and did this:
create user uu with password 'uu';
create database u_db owner uu;
grant all privileges on u_db to uu;
Error: Relation u_db doesnt exist.
You have to use the keyword DATABASE for granting here. So I'm posting you the output from psql in:
postgres=# create user uu with password 'uu';
CREATE ROLE
postgres=# create database u_db owner uu;
CREATE DATABASE
postgres=# grant all privileges on u_db to uu;
FEHLER: Relation »u_db« existiert nicht
postgres=# grant all privileges on database u_db to uu;
GRANT
However. IMHO through the owner setting of database you don't need to grant extra rights for the user uu.
I tried to run simple SQL command:
select * from site_adzone;
and I got this error
ERROR: permission denied for relation site_adzone
What could be the problem here?
I tried also to do select for other tables and got same issue. I also tried to do this:
GRANT ALL PRIVILEGES ON DATABASE jerry to tom;
but I got this response from console
WARNING: no privileges were granted for "jerry"
Does anyone have any idea what can be wrong?
GRANT on the database is not what you need. Grant on the tables directly.
Granting privileges on the database mostly is used to grant or revoke connect privileges. This allows you to specify who may do stuff in the database if they have sufficient other permissions.
You want instead:
GRANT ALL PRIVILEGES ON TABLE side_adzone TO jerry;
This will take care of this issue.
Posting Ron E answer for grant privileges on all tables as it might be useful to others.
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO jerry;
Connect to the right database first, then run:
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO jerry;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public to jerry;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public to jerry;
GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public to jerry;
1st and important step is connect to your db:
psql -d yourDBName
2 step, grant privileges
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO userName;
To grant permissions to all of the existing tables in the schema use:
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA <schema> TO <role>
To specify default permissions that will be applied to future tables use:
ALTER DEFAULT PRIVILEGES IN SCHEMA <schema>
GRANT <privileges> ON TABLES TO <role>;
e.g.
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO admin;
If you use SERIAL or BIGSERIAL columns then you will probably want to do the same for SEQUENCES, or else your INSERT will fail (Postgres 10's IDENTITY doesn't suffer from that problem, and is recommended over the SERIAL types), i.e.
ALTER DEFAULT PRIVILEGES IN SCHEMA <schema> GRANT ALL ON SEQUENCES TO <role>;
See also my answer to PostgreSQL Permissions for Web App for more details and a reusable script.
Ref:
GRANT
ALTER DEFAULT PRIVILEGES
This frequently happens when you create a table as user postgres and then try to access it as an ordinary user.
In this case it is best to log in as the postgres user and change the ownership of the table with the command:
alter table <TABLE> owner to <USER>;
Make sure you log into psql as the owner of the tables.
to find out who own the tables use \dt
psql -h CONNECTION_STRING DBNAME -U OWNER_OF_THE_TABLES
then you can run the GRANTS
You should:
connect to the database by means of the DBeaver with postgres user
on the left tab open your database
open Roles tab/dropdown
select your user
on the right tab press 'Permissions tab'
press your schema tab
press tables tab/dropdown
select all tables
select all required permissions checkboxes (or press Grant All)
press Save
As you are looking for select permissions, I would suggest you to grant only select rather than all privileges. You can do this by:
GRANT SELECT ON <table> TO <role>;
I ran into this after switching a user to another user that also needed to have the same rights, I kept getting the error: "must be owner of relation xx"
fix was to simply give all rights from old user to new user:
postgres-# Grant <old user> to <new user>;
For PostgreSQL. On bash terminal, run this:
psql db_name -c "GRANT ALL ON ALL TABLES IN SCHEMA public to db_user;"
psql db_name -c "GRANT ALL ON ALL SEQUENCES IN SCHEMA public to db_user;"
psql db_name -c "GRANT ALL ON ALL FUNCTIONS IN SCHEMA public to db_user;"