| From: | Wells Oliver <wells(dot)oliver(at)gmail(dot)com> |
|---|---|
| To: | Holger Jakobs <holger(at)jakobs(dot)com> |
| Cc: | pgsql-admin(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Baffled by basic permission issue. |
| Date: | 2021-06-16 21:19:22 |
| Message-ID: | CAOC+FBWKzb0d9xyUc3SBPHBFWXCQxvAsSV01aBG=sNXgmGfpeg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
As one last follow up, and I apologize for the volume, but this might be
related to RDS: our DBs were in a 'Modifying...' state and being backed up,
and now something has changed, and we can query these views again. I don't
understand. Maybe the underlying tables were temporarily locked during some
RDS backup process.
Anyone run into that kind of thing?
On Wed, Jun 16, 2021 at 2:10 PM Wells Oliver <wells(dot)oliver(at)gmail(dot)com> wrote:
> To follow up a bit, it seems clear to me that after I restored to a new
> server, there's some setting (maybe?) preventing folks from querying
> objects owned by other users EVEN if they have SELECT perms on the object,
> and USAGE on the schema. Is this a possibility?
>
> On Wed, Jun 16, 2021 at 2:01 PM Wells Oliver <wells(dot)oliver(at)gmail(dot)com>
> wrote:
>
>> The role has SELECT perm on the view and on the underlying tables and I
>> am received a permission denied table on the table while trying to select
>> from the view. The view is owned by a different user but SELECT perms are
>> very clearly granted to my role.
>>
>> On Wed, Jun 16, 2021 at 1:58 PM Holger Jakobs <holger(at)jakobs(dot)com> wrote:
>>
>>> If you want to use a view, you need the permissions for it. Not for the
>>> underlying tables
>>>
>>> Am 16. Juni 2021 22:56:17 MESZ schrieb Wells Oliver <
>>> wells(dot)oliver(at)gmail(dot)com>:
>>>>
>>>> I have a view that does this:
>>>>
>>>> create view stats.v
>>>> select * from stats.t
>>>> join alias.i ON t.id = i.id
>>>> join alias.i2 ON t.id2 = i2.id;
>>>>
>>>> And when I do: SELECT * FROM stats.v I receive: *ERROR: permission
>>>> denied for table i*
>>>>
>>>> However, if I paste the contents of the view as a query and run it
>>>> manually, it works fine.
>>>>
>>>> I can also query alias.i as I please.
>>>>
>>>> The role I am using to connect has USAGE on both stats and alias, it
>>>> also has SELECT on the table as well as the view.
>>>>
>>>> The only difference is that the view is owned by a different user than
>>>> the tables, though the SELECT permissions are definitely granted.
>>>>
>>>> psql 13.2
>>>>
>>>> --
>>>> Wells Oliver
>>>> wells(dot)oliver(at)gmail(dot)com <wellsoliver(at)gmail(dot)com>
>>>>
>>>
>>> --
>>> Holger Jakobs, Bergisch Gladbach
>>> +49 178 9759012
>>> - sent from mobile, therefore short -
>>>
>>
>>
>> --
>> Wells Oliver
>> wells(dot)oliver(at)gmail(dot)com <wellsoliver(at)gmail(dot)com>
>>
>
>
> --
> Wells Oliver
> wells(dot)oliver(at)gmail(dot)com <wellsoliver(at)gmail(dot)com>
>
--
Wells Oliver
wells(dot)oliver(at)gmail(dot)com <wellsoliver(at)gmail(dot)com>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2021-06-16 21:21:35 | Re: Baffled by basic permission issue. |
| Previous Message | Wells Oliver | 2021-06-16 21:10:02 | Re: Baffled by basic permission issue. |