public inbox for [email protected]
help / color / mirror / Atom feedFrom: Sam Stearns <[email protected]>
To: DINESH NAIR <[email protected]>
Cc: Tom Lane <[email protected]>
Cc: pgsql-sql <[email protected]>
Cc: Julie Mather <[email protected]>
Cc: Peter Garza <[email protected]>
Cc: Henry Ashu <[email protected]>
Subject: Re: Permission Denied on INSERT
Date: Mon, 30 Jun 2025 07:36:40 -0700
Message-ID: <CAN6TVjmpVmSy_B8-TkL5Qyug=GzSXBT9J2j1LXs-7L373aB7=w@mail.gmail.com> (raw)
In-Reply-To: <PN4P287MB43817566E64E530AC483B89B9C46A@PN4P287MB4381.INDP287.PROD.OUTLOOK.COM>
References: <CAN6TVj=MxX_FgXzvZLxLHXyvzFRzpX2JFyug5mwOvteLoG4qLg@mail.gmail.com>
<[email protected]>
<CAN6TVjn4SAHC8_-4xN9qcWzYSUAZQPoqK-pqAXQdjHF-iKMbHA@mail.gmail.com>
<PN4P287MB43817566E64E530AC483B89B9C46A@PN4P287MB4381.INDP287.PROD.OUTLOOK.COM>
Thanks, Dinesh!
We resolved this by changing the owner of the table.
Sam
On Sun, Jun 29, 2025 at 8:02 PM DINESH NAIR <[email protected]>
wrote:
> Hi Sam, Problem statement: The error appears to be getting thrown in a
> generated foreign-key-constraint-enforcement query. From memory, those are
> executed as the owner of the table . You've apparently not granted usage on
> treg to that role.
> ZjQcmQRYFpfptBannerStart
> This Message Is From an Untrusted Sender
> You have not previously corresponded with this sender.
>
> ZjQcmQRYFpfptBannerEnd
> Hi Sam,
>
> Problem statement: The error appears to be getting thrown in a generated
> foreign-key-constraint-enforcement query. From memory, those are executed
> as the owner of the table . You've apparently not granted usage on treg to
> that role.
>
> Solution : 1. In this case Role-Based Access Control (RBAC) user roles,
> the role assigned to your user might not have the necessary INSERT privilege
> assigned to the tables , or your user might not be correctly assigned to
> the role that *does* have the necessary insert privilege.
>
> 2. Schema, tables are granted necessary insert privileges . Sequences ,
> triggers(if any) have necessary privileges.
>
> Possible reasons getting privilege issue during record
>
> 3. Table-Specific Constraints/Status : a . If the table is having read
> access
> b. triggers and procedures not having
> c. Due to row level security or policies
> d. Separate log files are maintained and user not having necessary
> permissions.
>
>
>
> Thanks
>
> Dinesh Nair
>
>
>
>
> ------------------------------
> *From:* Sam Stearns <[email protected]>
> *Sent:* Friday, June 27, 2025 10:29 PM
> *To:* Tom Lane <[email protected]>
> *Cc:* pgsql-sql <[email protected]>; Julie Mather <
> [email protected]>; Peter Garza <[email protected]>; Henry Ashu <
> [email protected]>
> *Subject:* Re: Permission Denied on INSERT
>
> You don't often get email from [email protected]. Learn why this is
> important <https://aka.ms/LearnAboutSenderIdentification;
> Caution: This email was sent from an external source. Please verify the
> sender’s identity before clicking links or opening attachments.
> You are right, Tom. That was the problem. Thank you!
>
> Sam
>
>
> On Fri, Jun 27, 2025 at 8:26 AM Tom Lane <[email protected]> wrote:
>
> *This Message Is From an External Sender*
> This message came from outside your organization.
>
>
> Sam Stearns <[email protected]> writes:
> > We're getting a permission denied error on an INSERT and cannot figure out
> > why:
> > *[postgres@thiludbapql01 log]$ psql -U treg csbtestPassword for user
> > treg:psql (16.6)Type "help" for help.csbtest=# show search_path;
> > search_path---------------------------- csbtfsprd, interface, treg(1
> > row)csbtest=# grant usage on schema treg to treg;GRANTcsbtest=# GRANT
> > SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA treg TO
> > treg;GRANTcsbtest=# GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA treg TO
> > treg;GRANTcsbtest=# GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA treg TO
> > treg;GRANTcsbtest=# insert into treg.cd_combined_office_mappings
> > (combined_office_id, tcsi_office_id, sb2_account_id, account_name, city,
> > postal_code, state, category, is_preferred, is_closed, is_parent)csbtest-#
> > values (('734309'::int8),('S.668863.785512'),('668863'::int4),('Testing
> > Something'),('Beaverton'),('97008'),('OR'),('Carrier'),('Y'),('N'),('Y'));ERROR:
> > permission denied for schema tregLINE 1: SELECT 1 FROM ONLY
> > "treg"."cd_combined_offices" x WHERE "com...
> > ^QUERY: SELECT 1 FROM ONLY "treg"."cd_combined_offices" x WHERE
> > "combined_office_id" OPERATOR(pg_catalog.=) $1 FOR KEY SHARE OF xcsbtest=#*
>
> The error appears to be getting thrown in a generated
> foreign-key-constraint-enforcement query. From memory,
> those are executed as the owner of the table (I think
> owner of the referencing table, in this case). You've
> apparently not granted usage on treg to that role.
>
> regards, tom lane
>
>
>
> --
>
> Samuel Stearns
> Team Lead - Database
> c: 971 762 6879 | o: 971 762 6879 | DAT.com
> <https://www.dat.com/?utm_medium=email&utm_source=DAT_email_signature_link;
>
>
--
Samuel Stearns
Team Lead - Database
c: 971 762 6879 | o: 971 762 6879 | DAT.com
<https://www.dat.com/?utm_medium=email&utm_source=DAT_email_signature_link;
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: Permission Denied on INSERT
In-Reply-To: <CAN6TVjmpVmSy_B8-TkL5Qyug=GzSXBT9J2j1LXs-7L373aB7=w@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox