Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1uVAyY-00Enn8-HA for pgsql-sql@arkaria.postgresql.org; Fri, 27 Jun 2025 15:26:50 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1uVAyW-002orG-Id for pgsql-sql@arkaria.postgresql.org; Fri, 27 Jun 2025 15:26:49 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1uVAyW-002or7-9t for pgsql-sql@lists.postgresql.org; Fri, 27 Jun 2025 15:26:48 +0000 Received: from sss.pgh.pa.us ([68.162.161.243]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1uVAyU-004ILh-18 for pgsql-sql@lists.postgresql.org; Fri, 27 Jun 2025 15:26:47 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 55RFQXCU1650969; Fri, 27 Jun 2025 11:26:33 -0400 From: Tom Lane To: Sam Stearns cc: pgsql-sql , Julie Mather , Peter Garza , Henry Ashu Subject: Re: Permission Denied on INSERT In-reply-to: References: Comments: In-reply-to Sam Stearns message dated "Fri, 27 Jun 2025 08:11:00 -0700" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <1650967.1751037993.1@sss.pgh.pa.us> Content-Transfer-Encoding: quoted-printable Date: Fri, 27 Jun 2025 11:26:33 -0400 Message-ID: <1650968.1751037993@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Sam Stearns writes: > We're getting a permission denied error on an INSERT and cannot figure o= ut > why: > *[postgres@thiludbapql01 log]$ psql -U treg csbtestPassword for user > treg:psql (16.6)Type "help" for help.csbtest=3D# show search_path; > search_path---------------------------- csbtfsprd, interface, treg(1 > row)csbtest=3D# grant usage on schema treg to treg;GRANTcsbtest=3D# GRAN= T > SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA treg TO > treg;GRANTcsbtest=3D# GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA tre= g TO > treg;GRANTcsbtest=3D# GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA treg TO > treg;GRANTcsbtest=3D# insert into treg.cd_combined_office_mappings > (combined_office_id, tcsi_office_id, sb2_account_id, account_name, city, > postal_code, state, category, is_preferred, is_closed, is_parent)csbtest= -# > values (('734309'::int8),('S.668863.785512'),('668863'::int4),('Testing > Something'),('Beaverton'),('97008'),('OR'),('Carrier'),('Y'),('N'),('Y')= );ERROR: > permission denied for schema tregLINE 1: SELECT 1 FROM ONLY > "treg"."cd_combined_offices" x WHERE "com... > ^QUERY: SELECT 1 FROM ONLY "treg"."cd_combined_offices" x WHERE > "combined_office_id" OPERATOR(pg_catalog.=3D) $1 FOR KEY SHARE OF xcsbte= st=3D#* The error appears to be getting thrown in a generated foreign-key-constraint-enforcement query. From memory, those are executed as the owner of the table (I think owner of the referencing table, in this case). You've apparently not granted usage on treg to that role. regards, tom lane