Re: User granted all access to schema, but can't see tables

John Scalia <jayknowsunix@xxxxxxxxx> · Fri, 18 Dec 2020 08:06:22 -0500

Try doing a \dpp <table_name> and see if the table contains a line for the stansuser. Perhaps there was a problem with the default privileges. Oh, and case you didn’t know this, newly set default privileges only effect an object created after the fact, they do not alter privileges for any existing object.

Sent from my iPad

> On Dec 18, 2020, at 7:57 AM, Ron <ronljohnsonjr@xxxxxxxxx> wrote:
> 
> The database name is "sides", as show in the psql prompt.  User "stransuser" can connect to the database as shown below when it tries to query tables but gets "permission denied".
> 
>> On 12/18/20 6:26 AM, John Scalia wrote:
>> Does the stansuser have connect privileges to the actual database where the schema and tables are?
>> 
>> GRANT connect ON DATABASE <stans_whatever> TO stansuser;
>> 
>> Note that since you didn’t tell us what the database name is here, you’ll need to substitute the actual name of it where I indicated <stans_whatever>.
>> —
>> Jay
>> 
>> Sent from my iPad
>> 
>>>> On Dec 18, 2020, at 7:07 AM, Ron <ronljohnsonjr@xxxxxxxxx> wrote:
>>> 
>>> This is v12 from RHEL repos.
>>> 
>>> As user postgres, I run:
>>> 
>>> sides=# grant all on SCHEMA strans TO stransuser;
>>> GRANT
>>> 
>>> sides=# ALTER DEFAULT PRIVILEGES IN SCHEMA strans GRANT all on tables to stransuser;
>>> ALTER DEFAULT PRIVILEGES
>>> 
>>> sides=# GRANT USAGE ON SCHEMA strans TO stransuser;
>>> GRANT
>>> 
>>> But user stransuser still can’t access tables
>>> 
>>> sides=> \d
>>>              List of relations
>>> Schema |    Name    |   Type   |  Owner
>>> --------+------------+----------+----------
>>> strans | foo        | table    | postgres
>>> strans | foo_id_seq | sequence | postgres
>>> (2 rows)
>>> 
>>> sides=> select * from strans.foo;
>>> ERROR:  permission denied for table foo
>>> 
>>> sides=> \z strans.foo
>>>                                 Access privileges
>>> Schema | Name | Type  |     Access privileges     | Column privileges | Policies
>>> --------+------+-------+---------------------------+-------------------+----------
>>> strans | foo  | table | postgres=arwdDxt/postgres+|                   |
>>>        |      |       | READWRITE=arwdD/postgres +|                   |
>>>        |      |       | READONLY=r/postgres |                   |
>>> (1 row)
>>> 
>>> What am I missing?
>>> 
>>> -- 
>>> Angular momentum makes the world go 'round.
>>> 
>>> 
> 
> -- 
> Angular momentum makes the world go 'round.
> 
> 