Participants
AC Gomez
AC Gomez
Adrian Klaver
Adrian Klaver
Attachments
Show all attachments
Thread Outline
#1AC GomezAC Gomez
Apr 01, 2020
#2Adrian KlaverAdrian Klaverto AC Gomez (#1)
Apr 01, 2020

permission denied for schema

Started by AC Gomezabout 6 years ago2 messagesgeneral
Jump to latest
#1AC Gomez
AC Gomez
antklc@gmail.com

I'm trying to write a function that eventually will rotate users. Currently
I have the code below which works and creates a new user using the prior
user which ultimately has the same rights as the master user, ie, can do
everything.

select mysch.dblink('dbname=mydb user=themasteruser password=abc123
connect_timeout=200000 host=localhost', 'CREATE USER newuname WITH PASSWORD
''pass1'' CREATEDB CREATEROLE;GRANT rds_superuser TO newuname;');

DROP SERVER IF EXISTS fs_link_b CASCADE;
CREATE SERVER fs_link_b FOREIGN DATA WRAPPER postgres_fdw OPTIONS (host
'localhost', port '5432', dbname 'mydb ', connect_timeout '200000');
CREATE USER MAPPING FOR newuname SERVER fs_link_b OPTIONS ("user"
'newuname',password 'pass1');
ALTER SERVER fs_link_b OWNER TO newuname;

However, when I make a connection with the above created user and I try to
run the query below:

select * from mysch.dblink('link_b', 'select usename from PG_USER limit
1;') as t(uu text);

I get this error:

SQL Error [42501]: ERROR: permission denied for schema mysch

If I created the user based on a master user, then should it not have all
rights as the master user as created above? Or Do I need to do a bunch of
individual GRANTS still?

Thanks

#2Adrian Klaver
Adrian Klaver
adrian.klaver@aklaver.com
In reply to: AC Gomez (#1)
Re: permission denied for schema

On 4/1/20 6:35 AM, AC Gomez wrote:

I'm trying to write a function that eventually will rotate users.
Currently I have the code below which works and creates a new user using
the prior user which ultimately has the same rights as the master user,
ie, can do everything.

select mysch.dblink('dbname=mydb user=themasteruser password=abc123
connect_timeout=200000 host=localhost', 'CREATE USER newuname WITH
PASSWORD ''pass1'' CREATEDB CREATEROLE;GRANT rds_superuser TO newuname;');

DROP SERVER IF EXISTS fs_link_b CASCADE;
CREATE SERVER fs_link_b FOREIGN DATA WRAPPER postgres_fdw OPTIONS (host
'localhost', port '5432', dbname 'mydb ', connect_timeout '200000');
CREATE USER MAPPING FOR newuname SERVER fs_link_b OPTIONS ("user"
'newuname',password 'pass1');
ALTER SERVER fs_link_b OWNER TO newuname;

However, when I make a connection with the above created user and I try
to run the query below:

select * from mysch.dblink('link_b', 'select usename from PG_USER limit
1;') as t(uu text);

I get this error:

SQL Error [42501]: ERROR: permission denied for schema mysch

Looks to me the issue is that whatever user is running:

select * from mysch.dblink('link_b', 'select usename from PG_USER limit
1;') as t(uu text);

does not have access to objects in schema mysch on the originating server.

If I created the user based on a master user, then should it not have
all rights as the master user as created above? Or Do I need to do a
bunch of individual GRANTS still?

Thanks

--
Adrian Klaver
adrian.klaver@aklaver.com

← Back to Topics