public inbox for [email protected]
help / color / mirror / Atom feedFrom: Tom Lane <[email protected]>
To: mrudula attili <[email protected]>
Cc: [email protected]
Subject: Re: Can't create a table with vector type as a non-super user
Date: Tue, 30 Sep 2025 12:28:33 -0400
Message-ID: <[email protected]> (raw)
In-Reply-To: <CACmLaviY60Vx64hcacS687kBA3tXRfcYzrSJb6XaHU4X5qOrmQ@mail.gmail.com>
References: <CACmLaviY60Vx64hcacS687kBA3tXRfcYzrSJb6XaHU4X5qOrmQ@mail.gmail.com>
mrudula attili <[email protected]> writes:
> But a non super user (a read write user of the database) is not able to
> create a table with vector type and keeps getting the below error.
> CREATE TABLE items (id bigserial PRIMARY KEY, embedding vector(3))
> [2025-09-30 09:22:29] [42704] ERROR: type "vector" does not exist
> [2025-09-30 09:22:29] Position: 57
Well, you have to grant usage on whatever schema the type is in.
> As its a production environment, we are not really happy to give away the
> usage on public schema.
This seems like a very strange requirement. What are you keeping in
"public" that you don't want to be generally available in that
database, and why? You do understand the difference between USAGE
and CREATE privileges for schemas, right?
> Is there a way we could get the end users make use of the extension without
> granting usage on public schema
You could put it in some other schema, but then users would have to
adjust their search_path or name the schema explicitly. The design
expectation is that you use the public schema for stuff that should
be available to all SQL users, and put stuff that needs more
protection in some other schema(s).
There is a reasonable debate about whether giving out CREATE privilege
on the public schema is a good idea (probably not, if you have
not-fully-trustworthy users). But I'm having a hard time seeing why
you'd not want to give out USAGE.
regards, tom lane
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: Can't create a table with vector type as a non-super user
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox