Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1tcX4F-000m8q-GH
	for pgsql-general@arkaria.postgresql.org; Mon, 27 Jan 2025 21:54:52 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1tcX4E-00F3JZ-9i
	for pgsql-general@arkaria.postgresql.org; Mon, 27 Jan 2025 21:54:50 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <adrian.klaver@aklaver.com>)
	id 1tcX4C-00F3JP-UY
	for pgsql-general@lists.postgresql.org; Mon, 27 Jan 2025 21:54:49 +0000
Received: from fout-a3-smtp.messagingengine.com ([103.168.172.146])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <adrian.klaver@aklaver.com>)
	id 1tcX47-001qz9-38
	for pgsql-general@lists.postgresql.org;
	Mon, 27 Jan 2025 21:54:48 +0000
Received: from phl-compute-09.internal (phl-compute-09.phl.internal [10.202.2.49])
	by mailfout.phl.internal (Postfix) with ESMTP id EA73D1380B51;
	Mon, 27 Jan 2025 16:54:42 -0500 (EST)
Received: from phl-mailfrontend-01 ([10.202.2.162])
  by phl-compute-09.internal (MEProxy); Mon, 27 Jan 2025 16:54:42 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aklaver.com; h=
	cc:cc:content-transfer-encoding:content-type:content-type:date
	:date:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:subject:subject:to:to; s=fm2; t=1738014882;
	 x=1738101282; bh=vR1idiX3QflvS7jmzhdMAO66Xo+4esGEIGbKqPEzhyo=; b=
	mPXCeU50Xqo6UJdaffa3yZHOR6RPt1N5hfp60yUtvCJ+A7xaBPJhLe8pgvSJIBDP
	bPrgx56+ithKQq+LHzA8Rn30M+DV3i0iKeewi3D9FIi4kXZksCZkVLHa3eE6tPyw
	9Lht/yTa62bS5vYE5M6ML7ZUx2bRyNzPn9fyOQ0UZcmMIZDwQT4HdX6bQ096QrZQ
	jSYxgNaFsfI1+Wv8bdowIhSngbguKLjn23P7ev9hCB1sEt0ZrvgTq7EOsxa29GBP
	fy5fnRaMhMetMNrNujcQcoqwJ0AMcHKaJE3qcPLgWFi0rM44XYENHKcybN2hKe+o
	tmxguwF8dgtC/2yNCmStuw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:cc:content-transfer-encoding
	:content-type:content-type:date:date:feedback-id:feedback-id
	:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:subject:subject:to:to:x-me-proxy
	:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1738014882; x=
	1738101282; bh=vR1idiX3QflvS7jmzhdMAO66Xo+4esGEIGbKqPEzhyo=; b=Q
	/yANYpvUUvtSIIZ1/3xON0S+R3sCXAB6uhcEL0UONzN4EHaywgR5EyuaaveaYPwi
	0nYUg2OY9Ony5K23qQTx/m++IIy0VHhCki6YAPXkjit2zry5UWFHZEs1NoxF94SH
	ULCGT/0U+xyvwRYG/XgTV1pCtidPXJbAPYy7gIdAaQGLZ64jNxxX58xivnL+6cmi
	PQ9M+ineRxxtJLky7n516erxfT+2IOxNHNiEqxhZ3MdP437BffabQHZ4OTm7lE2W
	t0NzROdmZmB7amrfZJ3Jbd3iftPTmtE83iujUGA+rDGrOxSStKgZzLog3szK7dI9
	Z4l69cLFGiBZuwp2K+R6w==
X-ME-Sender: <xms:ogCYZ6-semxrOIFbFVIhPerPUxEy7nKWLZP30ABxickMKOoKv8C-Gg>
    <xme:ogCYZ6vcqqKEdzZQ_KWbZvcR81Bam2izBtXwQ1WB4I3J-p_6A8vW0Qu8aUR2NaG2x
    YQQSuWJdzYveJg>
X-ME-Received: <xmr:ogCYZwDvBXRWdMUc-iRePINrieroiLqwm-ns9rqP4PY5qvviEhhIN4DN6ml0Jz9-0r2oyGO6fTBZ3z2nDsmQFP8YZ7Gq_x7h>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddrudejgedgudegfedvucetufdoteggodetrf
    dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggv
    pdfurfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpih
    gvnhhtshculddquddttddmnecujfgurhepkfffgggfuffvvehfhfgjtgfgsehtkeertddt
    vdejnecuhfhrohhmpeetughrihgrnhcumfhlrghvvghruceorggurhhirghnrdhklhgrvh
    gvrhesrghklhgrvhgvrhdrtghomheqnecuggftrfgrthhtvghrnheptdffjeeuheefteei
    udffieeljeeljeffgfellefhhffgkeeiheejffdvgeetuefgnecuffhomhgrihhnpegtih
    dvvdhuuhiigeifiieffedrvghupdgrmhgriihonhgrfihsrdgtohhmnecuvehluhhsthgv
    rhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheprggurhhirghnrdhklhgrvh
    gvrhesrghklhgrvhgvrhdrtghomhdpnhgspghrtghpthhtohepvddpmhhouggvpehsmhht
    phhouhhtpdhrtghpthhtohepshhhrghhvggvughhrghquhgvsehgmhgrihhlrdgtohhmpd
    hrtghpthhtohepphhgshhqlhdqghgvnhgvrhgrlheslhhishhtshdrphhoshhtghhrvghs
    qhhlrdhorhhg
X-ME-Proxy: <xmx:ogCYZycvJFRKQ7VbV0QbwNHylfVfJQhAuDsg6pG_hUuZJf-A-ODzVQ>
    <xmx:ogCYZ_Ph_NvS8joQuxci35pMOrOQ4Vm-qOLVfX11d_IzAT8WnIvG1A>
    <xmx:ogCYZ8kil2QRycMNBX95hgsJ2EGN36WoOyg61HJ5hu-qDgjKroSBwA>
    <xmx:ogCYZxv3g28RgJCWzm2lAadnPX12S6Q2nVJHbx6isdVmEi6gK5saFA>
    <xmx:ogCYZ4Ya2b2JUeak4EmNO6PacoNcURAFN7pJRjD8Jevi2UB4EgBcHyBq>
Feedback-ID: i76984098:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon,
 27 Jan 2025 16:54:42 -0500 (EST)
Message-ID: <19043fe9-076b-4d94-a81c-f4292551b8be@aklaver.com>
Date: Mon, 27 Jan 2025 13:54:41 -0800
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Content of pg_publication using a local connection versus network
 connection?
To: Shaheed Haque <shaheedhaque@gmail.com>
Cc: pgsql-general list <pgsql-general@lists.postgresql.org>
References: <CAHAc2jdj3EFVqc0WCHnQXL3hiJ_mfJH08WW=VznO0YzCjx-eKA@mail.gmail.com>
 <cc0ca54f-8e8f-43e4-ab7e-59790ea5b4fd@aklaver.com>
 <CAHAc2jfZqwGum2CxBHD85FzujohjRC+jKuQB+9dXkFGHdVch0A@mail.gmail.com>
Content-Language: en-US
From: Adrian Klaver <adrian.klaver@aklaver.com>
In-Reply-To: <CAHAc2jfZqwGum2CxBHD85FzujohjRC+jKuQB+9dXkFGHdVch0A@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/19043fe9-076b-4d94-a81c-f4292551b8be%40aklaver.com>
Precedence: bulk

On 1/27/25 13:34, Shaheed Haque wrote:
> Hi Adrian,
> 
> On Mon, 27 Jan 2025 at 20:51, Adrian Klaver <adrian.klaver@aklaver.com 
> <mailto:adrian.klaver@aklaver.com>> wrote:
> 
>     On 1/27/25 12:41, Shaheed Haque wrote:
>      > Hi,
>      >
>      > I'm a novice-ish when it comes to Postgres, but I've studied the
>     docs
>      > and not been able to understand why I can see the rows in
>     pg_publication
>      > via a local psql session, but not when I am connected via the
>     network.
>      >
>      > Since the network login is (a) successful and (b) can read the
>     content
>      > of other non-system tables, I guessed that my problem is row-level
>      > security (RLS)....except that from the docs, I was unable to see
>     how the
>      > login type could affect RLS. What am I missing?
>      >
>      > Here is some context...please do ask if something else needs to be
>      > clarified!
>      >
>      > - System Postgres 16, AWS RDS version.
>      > - The pg_publication tabe looks like this:
>      >
>      > foo=>  \dpS pg_publication
>      >                                        Access privileges
>      >    Schema   |      Name      | Type  |     Access privileges     |
>      > Column privileges | Policies
>      >
>     ------------+----------------+-------+---------------------------+-------------------+----------
>      > pg_catalog | pg_publication | table | rdsadmin=arwdDxt/rdsadmin+|
>      >                    |
>      >             |                |       | =r/rdsadmin               |
>      >                    |
>      >
>      >
>      > - When I am logged in as this user via psql, I  can see:
> 
>     This user is rdsadmin or something else?
> 
> 
> The username is "dbcorexyz". See more  below.
> 
>      >
>      > foo=> select * from pg_publication;
>      >   oid  |      pubname      | pubowner | puballtables | pubinsert |
>      > pubupdate | pubdelete | pubtruncate | pubviaroot
>      >
>     -------+-------------------+----------+--------------+-----------+-----------+-----------+-------------+------------
>      > 98923 | vm_db_publication |    16478 | t            | t         | t
>      >          | t         | t           | f
>      >
>      >
>      > - When I connect via psycog, I can read other tables, but
>     pg_publication
>      > aways seems to return no rows.
> 
>     1) What is your connection string?
>          In particular what user are you connecting as?
> 
> 
> When I use psql, I first have to SSH to an AWS EC2, and then run psql. 
> Thus, the details in this case are:
> 
>   * ssh -i vm_paiyroll.pem awsuser@18.168.196.169
>     <mailto:awsuser@18.168.196.169>
>   * foo=> \conninfo 
> 
> You are connected to database "foo" as user "dbcorexyz" on host 
> "live-paiyroll-db-c702180bbf.ci22uuz4wz33.eu-west-2.rds.amazonaws.com 
> <http://live-paiyroll-db-c702180bbf.ci22uuz4wz33.eu-west-2.rds.amazonaws.com>" (address "172.31.4.93") at port "5432".
> SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, 
> compression: off)
> 
> When I connect via pscopg, I first set up an SSH tunnel through the EC2 
> host, and then connect. Thus the details in this case are:
> 
>   *
> 
>     bastion_host.ssh_host is '18.168.196.169', bastion_host.ssh_usernme isawsuser
> 
>   * <psycopg_binary.pq.PGconn [INTRANS] (host=localhost user=dbcorexyz
>     database=foo) at 0x7f6bfd554a90>
> 
> I *am* dealing with multiple db connections (am working on some 
> replication tooling) but AFAICS, both connections are to the same place.
> 

Are you sure?

 From psql connection:

You are connected to database "foo" as user "dbcorexyz" on host 
"live-paiyroll-db-c702180bbf.ci22uuz4wz33.eu-west-2.rds.amazonaws.com" 
(address "172.31.4.93")

Note host of 172.31.4.93

In psycopg2 case you again connect to 18.168.196.169 for SSH but then:

(host=localhost ...)

I'm not seeing localhost being equal to 172.31.4.93.



-- 
Adrian Klaver
adrian.klaver@aklaver.com