public inbox for [email protected]
help / color / mirror / Atom feedAssistance needed for the query execution in non-public schema
3+ messages / 3 participants
[nested] [flat]
* Assistance needed for the query execution in non-public schema
@ 2024-04-16 11:00 Sasmit Utkarsh <[email protected]>
0 siblings, 2 replies; 3+ messages in thread
From: Sasmit Utkarsh @ 2024-04-16 11:00 UTC (permalink / raw)
To: [email protected]
Hi Postgresql Team,
I'm trying to execute the below query using the below
psql 'host=cucmpsgsu0.postgres.database.azure.com port=5432 dbname=msshctd
user=shc_uadmin password=xxxxx sslmode=require
options=--search_path=shc_tty'
msshctd=> show search_path;
search_path
-------------
shc_tty
(1 row)
msshctd=> SELECT setval(pg_get_serial_sequence('mqa_flfo_cstr', 'id'),
coalesce(MAX(id), 1)) from mqa_flfo_cstr;
*ERROR: permission denied for sequence mqa_flfo_cstr_id_seq*
msshctd=> SELECT setval(pg_get_serial_sequence('mqa_ffp_nval', 'id'),
coalesce(MAX(id), 1)) from mqa_ffp_nval;
*ERROR: permission denied for sequence mqa_ffp_nval_id_seq*
msshctd=> \z mqa_flfo_cstr_id_seq
Access privileges
Schema | Name | Type | Access privileges |
Column privileges | Policies
---------+----------------------+----------+-----------------------------+-------------------+----------
shc_tty | mqa_flfo_cstr_id_seq | sequence | pgddb_admin=rwU/pgddb_admin+|
|
| | | *shc_uadmin=rU/pgddb_admin*
| |
(1 row)
msshctd=> \z mqa_ffp_nval_id_seq
Access privileges
Schema | Name | Type | Access privileges |
Column privileges | Policies
---------+---------------------+----------+-----------------------------+-------------------+----------
shc_tty | mqa_ffp_nval_id_seq | sequence | pgddb_admin=rwU/pgddb_admin+|
|
| | | *shc_uadmin=rU/pgddb_admin * |
|
(1 row)
Above query executes fine when I try to execute as user *"pgddb_admin"(Super
User)*. but when I switch to shc_uadmin, I see a permission error. Above
I've included the permissions listed for both the users. I also tried to
set the alter permissions for one of the sequence for the shc_uadmin user
with the below
GRANT USAGE, ALTER ON SEQUENCE mqa_flfo_cstr_id_seq TO shc_uadmin;
*ERROR: unrecognized privilege type "alter" SQL state: 42601*
Is there any other way i can execute the queries, with user *"shc_uadmin"*
for the *setval()* to work properly without giving complete privileges same
as the owner *"pgddb_admin"* ? Any workaround/ alternate option which would
work here? Please assist
Regards,
Sasmit Utkarsh
+91-7674022625
^ permalink raw reply [nested|flat] 3+ messages in thread
* Re: Assistance needed for the query execution in non-public schema
@ 2024-04-16 11:26 David Rowley <[email protected]>
parent: Sasmit Utkarsh <[email protected]>
1 sibling, 0 replies; 3+ messages in thread
From: David Rowley @ 2024-04-16 11:26 UTC (permalink / raw)
To: Sasmit Utkarsh <[email protected]>; +Cc: [email protected]
On Tue, 16 Apr 2024 at 23:00, Sasmit Utkarsh <[email protected]> wrote:
> msshctd=> SELECT setval(pg_get_serial_sequence('mqa_flfo_cstr', 'id'), coalesce(MAX(id), 1)) from mqa_flfo_cstr;
> ERROR: permission denied for sequence mqa_flfo_cstr_id_seq
> msshctd=> SELECT setval(pg_get_serial_sequence('mqa_ffp_nval', 'id'), coalesce(MAX(id), 1)) from mqa_ffp_nval;
> ERROR: permission denied for sequence mqa_ffp_nval_id_seq
> GRANT USAGE, ALTER ON SEQUENCE mqa_flfo_cstr_id_seq TO shc_uadmin;
> ERROR: unrecognized privilege type "alter" SQL state: 42601
According to our documentation for setval():
"This function requires UPDATE privilege on the sequence."
https://www.postgresql.org/docs/current/functions-sequence.html
David
^ permalink raw reply [nested|flat] 3+ messages in thread
* Re: Assistance needed for the query execution in non-public schema
@ 2024-04-16 11:28 Laurenz Albe <[email protected]>
parent: Sasmit Utkarsh <[email protected]>
1 sibling, 0 replies; 3+ messages in thread
From: Laurenz Albe @ 2024-04-16 11:28 UTC (permalink / raw)
To: Sasmit Utkarsh <[email protected]>; [email protected]
On Tue, 2024-04-16 at 16:30 +0530, Sasmit Utkarsh wrote:
> msshctd=> SELECT setval(pg_get_serial_sequence('mqa_flfo_cstr', 'id'), coalesce(MAX(id), 1)) from mqa_flfo_cstr;
> ERROR: permission denied for sequence mqa_flfo_cstr_id_seq
> msshctd=> SELECT setval(pg_get_serial_sequence('mqa_ffp_nval', 'id'), coalesce(MAX(id), 1)) from mqa_ffp_nval;
> ERROR: permission denied for sequence mqa_ffp_nval_id_seq
>
> msshctd=> \z mqa_flfo_cstr_id_seq
> Access privileges
> Schema | Name | Type | Access privileges | Column privileges | Policies
> ---------+----------------------+----------+-----------------------------+-------------------+----------
> shc_tty | mqa_flfo_cstr_id_seq | sequence | pgddb_admin=rwU/pgddb_admin+| |
> | | | shc_uadmin=rU/pgddb_admin | |
> (1 row)
>
> msshctd=> \z mqa_ffp_nval_id_seq
> Access privileges
> Schema | Name | Type | Access privileges | Column privileges | Policies
> ---------+---------------------+----------+-----------------------------+-------------------+----------
> shc_tty | mqa_ffp_nval_id_seq | sequence | pgddb_admin=rwU/pgddb_admin+| |
> | | | shc_uadmin=rU/pgddb_admin | |
> (1 row)
>
> Above query executes fine when I try to execute as user "pgddb_admin"(Super User).
> but when I switch to shc_uadmin, I see a permission error.
That's because the user is lacking the UPDATE privilege ("U" is USAGE).
> GRANT USAGE, ALTER ON SEQUENCE mqa_flfo_cstr_id_seq TO shc_uadmin;
> ERROR: unrecognized privilege type "alter" SQL state: 42601
There is no ALTER privilege. Try
GRANT UPDATE ON SEQUENCE mqa_flfo_cstr_id_seq, mqa_ffp_nval_id_seq TO shc_uadmin;
Yours,
Laurenz Albe
^ permalink raw reply [nested|flat] 3+ messages in thread
end of thread, other threads:[~2024-04-16 11:28 UTC | newest]
Thread overview: 3+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2024-04-16 11:00 Assistance needed for the query execution in non-public schema Sasmit Utkarsh <[email protected]>
2024-04-16 11:26 ` David Rowley <[email protected]>
2024-04-16 11:28 ` Laurenz Albe <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox