Re: Fwd: Why does pg_rewind deny permission for pg_read_binary_file() other than 'dbname=postgres'?

Thanks a lot Tom!
I really appreciate it. It worked after I did these in psql:
postgres-# \c repmgr
repmgr=# GRANT EXECUTE ON function pg_catalog.pg_ls_dir(text, boolean,
boolean) TO rewinder;
GRANT
repmgr=# GRANT EXECUTE ON function pg_catalog.pg_stat_file(text, boolean)
TO rewinder;
GRANT
repmgr=# GRANT EXECUTE ON function pg_catalog.pg_read_binary_file(text) TO
rewinder;
GRANT
repmgr=# GRANT EXECUTE ON function pg_catalog.pg_read_binary_file(text,
bigint, bigint, boolean) TO rewinder;
GRANT

Now pg_rewind has no problem when user=rewinder & dbname=repmgr:
$ pg_rewind -D /pgdata --source-server='host=172.17.1.2 port=5432
user=rewinder dbname=repmgr connect_timeout=5'
pg_rewind: source and target cluster are on the same timeline
pg_rewind: no rewind required

Still, I wish psql can specify this database limitation explicitly, either
enforcing the command with 'IN DATABASE [dbname]', or emphasize it in
feedback rather than a simple 'GRANT'.

On Fri, Oct 13, 2023 at 10:03 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> Zhaoxun Yan <yan(dot)zhaoxun(at)gmail(dot)com> writes:
> > The results are the same, 'dbname=repmgr' is the root cause of the error,
> > since 'dbname=postgres' went well with both 'user=rep' and
> 'user=rewinder',
> > while 'dbname=repmgr' generates exactly the same error.
>
> As far as I can tell, you granted permissions on that function
> in the postgres database, but not any other database. Function
> permissions, like most others, are database-local in Postgres.
>
> regards, tom lane
>