I'd puzzled, being a newbie to postgresql.
I have a database named "Launch"
I'm running:
GRANT ALL PRIVILEGES ON DATABASE Launch TO admin;
user admin has privileges like:
Additionally, running postgres command:
\list
yields the database "Launch"
The only thing I did see was, there was no entry for "Access Privileges" for the database Launch:
What am I doing wrong here?
Lesson learned the long way:
GRANT ALL PRIVILEGES ON DATABASE <yourdbhere> TO <youruserhere>;
the <yourdbhere> the db name MUST be in lower case. By using Launch for my db name - it was messing things up.
Related
I am using PostgreSQL as my database along with Prisma as my ORM.It seems to be giving an issue while running the 'prisma migrate' command on the server which seems to be an issue of user database privileges not being present.What are the basic user privileges that are required for Prisma while using Postgres apart from the option of giving full admin rights?
Database user needs to have a CREATEDB privilege for using migrate commands in PostgreSQL.
Here's a reference to privileges needed for each supported database: Reference.
I'm migrating all the role from my PostgreSQL hosted in GCE VM to Cloud SQL by generating dump file
sudo -Hu postgres pg_dumpall -U postgres --globals-only --file=globals.sql
When I import the same(globals.sql) in Cloud SQL I came across below error:
exit status 3 SET SET SET CREATE ROLE ERROR: must be superuser to alter superusers
Note:
I used postgres user to import this dump file to the cloud sql database.
I'm curious is there any other way to tackle this since postgres user does not have superuser privileges?
I tried executed one query from globals.sql file using cloud shell, below is the output:
postgres=> CREATE ROLE vipinm;
CREATE ROLE
postgres=> ALTER ROLE vipinm WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS;
ERROR: must be superuser to alter superusers
Thanks in advance!
The psql documentation says:
psql returns 0 to the shell if it finished normally, 1 if a fatal error of its own occurs (e.g., out of memory, file not found), 2 if the connection to the server went bad and the session was not interactive, and 3 if an error occurred in a script and the variable ON_ERROR_STOP was set.
So don't set ON_ERROR_STOP.
The error means that you cannot execute the following line from your dump:
ALTER ROLE postgres WITH SUPERUSER INHERIT CREATEROLE CREATEDB LOGIN REPLICATION BYPASSRLS;
That is fine, and you can ignore the error.
This is kind of a bug. As a non-superuser, you can't even reiterate that another role is still not a superuser, as even mentioning anything about superusers even when it would have no effect throws an error. You can get around this by creating the role in its final state, rather than doing the CREATE then ALTER dance that pg_dump likes to do.
CREATE ROLE vipinm WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS;
Alternatively, you could remove from the ALTER statement all the attributes that don't cause any change but merely reiterate the current state of things, leaving:
ALTER ROLE vipinm WITH LOGIN;
created a postgresql instance on AWS with the username ziggy. I restored a database to that instance. however I cannot even select any of the tables
select * FROM mac_childcare_parcels
gives me ERROR: permission denied for relation mac_childcare_parcels
********** Error **********
the owner of that table belongs to the postgres login.
so i tried running this: grant all privileges on all tables in schema public to ziggy but since I am not a superuser I cannot give myself privileges so that throws a permissions error. what do I have to do to get access to the tables?
this does not work either
grant select on mac_childcare_parcels to ziggy
this query returns successful but does not let the login ziggy access the tables
GRANT USAGE ON SCHEMA public TO ziggy;
First login with superuser and provide all rds superuser access to the newly created user using a command like below
GRANT rds_superuser TO ziggy;
replace rds_superuser with your rds superuser.
You need to also GRANT USAGE on the SCHEMA, e.g.
GRANT USAGE ON SCHEMA public TO ziggy;
The superuser access is needed to run the access level queries. But as you said that access is not present then i would say copy the replica of the db which you have restored from backup and grant yourself as superuser.
then provide all needed access to any users.
I've just set up Postgres for use by different users on my network. Every user has his own username/password/database, but when I connect to Pg I can also see a 'postgres' database (and even create tables etc). I tried to REVOKE access to that database from public but then it won't let me connect. What exactly is the postgres database and why is it needed? Can I disable it so that users only see the database(s) I've created for them?
The postgres database is created by default when you run initdb.
Quote from the manual:
Creating a database cluster consists of creating the directories in which the database data will live (...) creating the template1 and postgres databases. When you later create a new database, everything in the template1 database is copied. (...) The postgres database is a default database meant for use by users, utilities and third party applications.
There is nothing special about it, and if you don't need it, you can drop it:
drop database postgres;
You need to do that as a superuser of course. The only downside of this is that when you run psql as the postgres operating system user, you need to explicitly provide a database name to connect to
If you drop the postgres database you'll find a few things to be confusing. Most tools default to using it as the default database to connect to, for one thing. Also, anything run under the postgres user will by default expect to connect to the postgres database.
Rather than dropping it, REVOKE the default connect right to it.
REVOKE connect ON DATABASE postgres FROM public;
The superuser (usually postgres), and any users you explicitly grant rights to access the database can still use it as a convenience DB to connect to. But others can't.
To grant connect rights to a user, simply:
GRANT connect ON DATABASE postgres TO myuser;
A fresh installation of PostgreSQL 9.3 (according to the YUM Installation manual on the PostgreSQL wiki) on CentOS 6 (64-bit) will not grant permissions to any users.
I log in to the postgres user and open psql, then I create a role for my default user:
CREATE ROLE <name> WITH PASSWORD '<password>';
and then try to grant it privileges on the default postgres database:
GRANT ALL ON DATABASE postgres TO <user>;
which gives the expected output, but the user does not have any permissions on postgres.
The output of \dp <user> is quizically empty as well. Additional testing shows that I cannot give any users permissions. However, when I try to drop a role that has been granted these nonexistent permissions, it says
ERROR: role "<user>" cannot be dropped because some objects depend on it
DETAIL: privileges for database postgres
I am at a loss. I did also check to make sure the postgres Linux user has the appropriate file permissions on the PostgreSQL data directory.
Presumably you're expecting too much of GRANT ALL ON DATABASE postgres TO <user>;
ALL in this context means that the command is equivalent to:
GRANT CREATE,CONNECT,TEMPORARY ON DATABASE postgres TO <user>;
And the way you create the ROLE, it cannot login to any database anyway (you can check this with \du).
It could if it was created with:
CREATE ROLE name WITH LOGIN PASSWORD 'pass';
or use ALTER ROLE name WITH LOGIN later on.
Starting from this, to give the user permissions to create objects in the database, other forms of GRANT should be used.