Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sxCuD-008bWJ-7S for pgsql-general@arkaria.postgresql.org; Sat, 05 Oct 2024 22:05:42 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1sxCtB-005nEm-ME for pgsql-general@arkaria.postgresql.org; Sat, 05 Oct 2024 22:04:37 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sxCtA-005nEc-Nm for pgsql-general@lists.postgresql.org; Sat, 05 Oct 2024 22:04:37 +0000 Received: from mta-p5.oit.umn.edu ([134.84.196.205]) by makus.postgresql.org with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sxCt7-002hPF-LD for pgsql-general@lists.postgresql.org; Sat, 05 Oct 2024 22:04:35 +0000 Received: from localhost (unknown [127.0.0.1]) by mta-p5.oit.umn.edu (Postfix) with ESMTP id 4XLfb20DjZz9vKZJ for ; Sat, 5 Oct 2024 22:04:30 +0000 (UTC) X-Virus-Scanned: amavisd-new at umn.edu Received: from mta-p5.oit.umn.edu ([127.0.0.1]) by localhost (mta-p5.oit.umn.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nYG-wZREvmEO for ; Sat, 5 Oct 2024 17:04:29 -0500 (CDT) Received: from mail-pl1-f200.google.com (mail-pl1-f200.google.com [209.85.214.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mta-p5.oit.umn.edu (Postfix) with ESMTPS id 4XLfb14jVGz9vKZH for ; Sat, 5 Oct 2024 17:04:29 -0500 (CDT) DMARC-Filter: OpenDMARC Filter v1.3.2 mta-p5.oit.umn.edu 4XLfb14jVGz9vKZH DKIM-Filter: OpenDKIM Filter v2.11.0 mta-p5.oit.umn.edu 4XLfb14jVGz9vKZH Received: by mail-pl1-f200.google.com with SMTP id d9443c01a7336-20b4d9bebf4so3799065ad.0 for ; Sat, 05 Oct 2024 15:04:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=d.umn.edu; s=google; t=1728165868; x=1728770668; darn=lists.postgresql.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=aJZVeO6wt5zKAX754H7TfREo4FGRr99gaUFA8w1kRVQ=; b=Z23JmqpH5zaNQFH3To1GAwna2JHiJd6mbRPj385zmvOEFl4/oPeG2Q4eeu//w4UG+x 1MgF5GXuhoT7xnDRokaEtIfw0/gfl1NAJjk+E3WqEUuHJeOUKlHgWoEsIrcDoFPnxTIy X6lKbE5+24X9Qxz+YekxGfVnDa7zr8GUpAGccstGrsfr9eqsmsNnb+r1Tm0ir90fTY2J trI26crY9TzIhVd6iuYus/woIx5A9EG+xu8fVZOwJ8ayH09WBnXdQc/CLU+FLER532EJ I5ajQyRFLaMvgBZ1Ml6fqeB1HReTd6Idd6a6Rw1G8EhPmfgzDMa4WxDbeLCQs1HtCE+H q5UA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728165868; x=1728770668; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=aJZVeO6wt5zKAX754H7TfREo4FGRr99gaUFA8w1kRVQ=; b=ayMD9h6aCcdV5cVLzcOgPIuUCXc3ZObh0jfCxj01JWh+zLBd+D9eXvdwI5hY40j9BL QAkiGg4z7tJbVs+JdI0T/erxRpBoF09TCrECtspdNzTcu0mwH5mfbLJcmw4lX1lQ4FYk aTLH3H5XpF+O0aDiEmX8wGIjRp1kH08wi1aZJAbeLuk9O91PES/SXeLUzgn4nOMepkSg ilJQG+bmE7pdVnG4ODYZzfvkvNLdpsctpGNmlWEtiI/YVzaZ9/Qi3GT08z079zgbY+sk Ly+oPGmLYgH+jMmytV/C7un5t5tAVDrY+3nV7L5/azpZcbwsFwOocFbqYglCOpcOPN59 RxRg== X-Forwarded-Encrypted: i=1; AJvYcCUtpax9Maq6PGamunqZYIdBx8zpwlxbGwP50zIQMU6HZa6ksc0GmfFaGnmcQKkuQd3pVDOQLVS6E3IJqQAU@lists.postgresql.org X-Gm-Message-State: AOJu0YxtPOj81XG/y/IqD+5z14lSf6sLwdrFdm0V2bsooOE1S0r4S5rj 2rFf6nHaaATvQYh08LAZDfJGL2Kq4hcM2ndCOx1TrZm1FVZrr7Pl+n6Vb1bCBsjv6otT0gGAuS/ 6zzP/GcQypYb9RNg+vXBGyx0w5oC+cGfgwqKmHh4zQknONGc0gdS1Qf7jpcl72APyFgEobYZdxd kdlhHnysdthbp3LSy72yiovocC66SrduVCtBxX+WI2Z0sX7f0= X-Received: by 2002:a17:902:d48c:b0:205:861c:5c37 with SMTP id d9443c01a7336-20bfe04c77bmr44163295ad.6.1728165868232; Sat, 05 Oct 2024 15:04:28 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFb3UEZdQObBbsfKP5eD6KKgiv1svnvX9g7vzVvMXHkruDWGOfJtqR31I51k4IdgxtBsMsw00l4+FRrP97ac/4= X-Received: by 2002:a17:902:d48c:b0:205:861c:5c37 with SMTP id d9443c01a7336-20bfe04c77bmr44163195ad.6.1728165867853; Sat, 05 Oct 2024 15:04:27 -0700 (PDT) MIME-Version: 1.0 References: <0c089041-d4eb-4bf4-bfcb-6451224190c9@aklaver.com> <8fec88b9-355f-487d-95ad-103af2229fde@aklaver.com> In-Reply-To: <8fec88b9-355f-487d-95ad-103af2229fde@aklaver.com> From: Matt Zagrabelny Date: Sat, 5 Oct 2024 17:04:15 -0500 Message-ID: Subject: Re: grant connect to all databases To: Adrian Klaver Cc: "David G. Johnston" , "pgsql-generallists.postgresql.org" Content-Type: multipart/alternative; boundary="000000000000aab9150623c1f8c4" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --000000000000aab9150623c1f8c4 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Sat, Oct 5, 2024 at 3:12=E2=80=AFPM Adrian Klaver wrote: > On 10/5/24 11:24, Matt Zagrabelny wrote: > > > > > > > Nope. I create the role (via puppet) and then add the GRANT > > pg_read_all_data TO (via puppet). > > > > > What is \drgS? I don't believe I have that. > > That is available in Postgres 16+, you must running be in an instance of > Postgres before that. > Ah. Yup! > > > > 'CREATE ROLE "alice" ENCRYPTED PASSWORD \'$NEWPGPASSWD\' LOGIN > > NOCREATEROLE NOCREATEDB NOSUPERUSER CONNECTION LIMIT -1' > > GRANT pg_read_all_data TO alice; > > > > > ...but I still cannot connect: > > > > $ psql -d test -U alice > > psql: error: connection to server on socket > > "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: permission denied > > for database "test" > > DETAIL: User does not have CONNECT privilege. > > Something is going on in the background. > Agreed. > > What version of Postgres? > psql (15.8 (Debian 15.8-0+deb12u1)) > Where did you install it from or where are you running it? > Installed from Debian repos via apt via puppet. Still digging... -m --000000000000aab9150623c1f8c4 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Sat, Oct 5, 2024 at 3:12=E2=80=AFP= M Adrian Klaver <adrian.kla= ver@aklaver.com> wrote:
On 10/5/24 11:24, Matt Zagrabelny wrote:
>

>
> Nope. I create the role (via puppet) and then add the GRANT
> pg_read_all_data TO (via puppet).
>

> What is \drgS? I don't believe I have that.

That is available in Postgres 16+, you must running be in an instance of Postgres before that.

Ah. Yup!
=C2=A0


>=C2=A0 =C2=A0'CREATE ROLE "alice" ENCRYPTED PASSWORD \= 9;$NEWPGPASSWD\' LOGIN
> NOCREATEROLE NOCREATEDB NOSUPERUSER =C2=A0CONNECTION LIMIT -1'
> GRANT pg_read_all_data TO alice;
>

>=C2=A0 =C2=A0...but I still cannot connect:
>
> $ psql -d test -U alice
> psql: error: connection to server on socket
> "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: =C2=A0per= mission denied
> for database "test"
> DETAIL: =C2=A0User does not have CONNECT privilege.

Something is going on in the background.

Agreed.
=C2=A0

What version of Postgres?


psql (15.8 (Debian 15.8-0+deb12u1))

=C2=A0
<= /div>
Where did you install it from or where are you running it?
=

Installed from Debian repos via apt via puppet.

=C2=A0
Still digging...

-m
--000000000000aab9150623c1f8c4--