![](/img/trans.png)
[英]postgres database : Insufficient privilege, permission denied for relation table
[英]Permission denied for relation on PostgreSQL 9.6 database
我在我創建的數據庫中創建新對象(特別是視圖)時遇到問題。 盡管在 SO 上報告了許多類似的問題,請參閱關系拒絕許可和序列拒絕許可,但盡管研究了公認的答案(並且在某些情況下,遵循 PostgreSQL 文檔),但我無法解決此問題問題。
這是我正在運行的腳本片段,用於創建數據庫、新角色,然后更改數據庫的默認權限:
-- # Uncomment line below for debugging purposes
SET client_min_messages TO debug1;
CREATE DATABASE mydatabase WITH ENCODING 'UTF8' TEMPLATE template1;
-- Create user foo
CREATE ROLE foo LOGIN ENCRYPTED PASSWORD '29829932499gd' NOINHERIT;
\c mydatabase
--- this grants privileges on new objects generated in new database "mydatabase"
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO foo;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO foo;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON FUNCTIONS TO foo;
--- import DDL from SQL files (Ommitted for brevity sake)
當我嘗試創建物化視圖時,我意識到我試圖從中進行 SELECT 的其中一個表 (table_1) 上存在權限錯誤。
我直接在 CLI 上嘗試了一個簡單的查詢:
mydatabase=> select * from table_1;
ERROR: permission denied for relation table_1
然后我在 psql CLI(連接到mydatabase數據庫)手動輸入:
將 SCHEMA public 中所有表的所有權限授予 foo;
然后我得到了回應:
錯誤:關系表_2 的權限被拒絕
這是 table_1 和 table_2 的架構:
CREATE TABLE IF NOT EXISTS table_1 (
td DATE NOT NULL,
f1 REAL CHECK (f1 > 0) NOT NULL ,
f2 REAL CHECK (f2 > 0 and f2 >= f1 and f2 >= f3 and f2 >= f4) NOT NULL ,
f3 REAL CHECK (f3 > 0 and f3 <= f1 and f3 <= f2 and f3 <= f4) NOT NULL ,
f4 REAL CHECK (f4 > 0) NOT NULL,
f5 BIGINT CHECK (f5 > -1) DEFAULT 0 NOT NULL,
f6 BIGINT CHECK (f6 > -1) DEFAULT 0 NOT NULL,
moff SMALLINT DEFAULT 0 CHECK (moff > -1) NOT NULL,
flg_03_h BOOLEAN DEFAULT FALSE NOT NULL,
flg_03_l BOOLEAN DEFAULT FALSE NOT NULL,
flg_05_h BOOLEAN DEFAULT FALSE NOT NULL,
flg_05_l BOOLEAN DEFAULT FALSE NOT NULL,
flg_10_h BOOLEAN DEFAULT FALSE NOT NULL,
flg_10_l BOOLEAN DEFAULT FALSE NOT NULL,
flg_20_h BOOLEAN DEFAULT FALSE NOT NULL,
flg_20_l BOOLEAN DEFAULT FALSE NOT NULL,
flg_60_h BOOLEAN DEFAULT FALSE NOT NULL,
flg_60_l BOOLEAN DEFAULT FALSE NOT NULL,
flg_52w_h BOOLEAN DEFAULT FALSE NOT NULL,
flg_52w_l BOOLEAN DEFAULT FALSE NOT NULL,
flg_at_h BOOLEAN DEFAULT FALSE NOT NULL,
flg_at_l BOOLEAN DEFAULT FALSE NOT NULL,
flg_03v_h BOOLEAN DEFAULT FALSE NOT NULL,
flg_03v_l BOOLEAN DEFAULT FALSE NOT NULL,
flg_05v_h BOOLEAN DEFAULT FALSE NOT NULL,
flg_05v_l BOOLEAN DEFAULT FALSE NOT NULL,
flg_10v_h BOOLEAN DEFAULT FALSE NOT NULL,
flg_10v_l BOOLEAN DEFAULT FALSE NOT NULL,
flg_20v_h BOOLEAN DEFAULT FALSE NOT NULL,
flg_20v_l BOOLEAN DEFAULT FALSE NOT NULL,
flg_60v_h BOOLEAN DEFAULT FALSE NOT NULL,
flg_60v_l BOOLEAN DEFAULT FALSE NOT NULL,
flg_52wv_h BOOLEAN DEFAULT FALSE NOT NULL,
flg_52wv_l BOOLEAN DEFAULT FALSE NOT NULL,
flg_atv_h BOOLEAN DEFAULT FALSE NOT NULL,
flg_atv_l BOOLEAN DEFAULT FALSE NOT NULL,
ar_1w REAL DEFAULT -99999 NOT NULL,
ar_2w REAL DEFAULT -99999 NOT NULL,
ar_1m REAL DEFAULT -99999 NOT NULL,
ar_3m REAL DEFAULT -99999 NOT NULL,
ar_1w_mzs REAL DEFAULT -99999 NOT NULL,
ar_2w_mzs REAL DEFAULT -99999 NOT NULL,
ar_1m_mzs REAL DEFAULT -99999 NOT NULL,
ar_3m_mzs REAL DEFAULT -99999 NOT NULL,
PRIMARY KEY (td, moff)
);
CREATE INDEX idx_tb1_flg03f2 ON table_1 (td, flg_03_h);
CREATE INDEX idx_tb1_flg03f3 ON table_1 (td, flg_03_l);
CREATE INDEX idx_tb1_flg05f2 ON table_1 (td, flg_05_h);
CREATE INDEX idx_tb1_flg05f3 ON table_1 (td, flg_05_l);
CREATE INDEX idx_tb1_flg10f2 ON table_1 (td, flg_10_h);
CREATE INDEX idx_tb1_flg10f3 ON table_1 (td, flg_10_l);
CREATE INDEX idx_tb1_flg20f2 ON table_1 (td, flg_20_h);
CREATE INDEX idx_tb1_flg20f3 ON table_1 (td, flg_20_l);
CREATE INDEX idx_tb1_flg60f2 ON table_1 (td, flg_60_h);
CREATE INDEX idx_tb1_flg60f3 ON table_1 (td, flg_60_l);
CREATE INDEX idx_tb1_flg52wf2 ON table_1 (td, flg_52w_h);
CREATE INDEX idx_tb1_flg52wf3 ON table_1 (td, flg_52w_l);
CREATE INDEX idx_tb1_flgatf2 ON table_1 (td, flg_at_h);
CREATE INDEX idx_tb1_flgatf3 ON table_1 (td, flg_at_l);
CREATE INDEX idx_tb1_flg03f5f2 ON table_1 (td, flg_03v_h);
CREATE INDEX idx_tb1_flg03f5f3 ON table_1 (td, flg_03v_l);
CREATE INDEX idx_tb1_flg05f5f2 ON table_1 (td, flg_05v_h);
CREATE INDEX idx_tb1_flg05f5f3 ON table_1 (td, flg_05v_l);
CREATE INDEX idx_tb1_flg10f5f2 ON table_1 (td, flg_10v_h);
CREATE INDEX idx_tb1_flg10f5f3 ON table_1 (td, flg_10v_l);
CREATE INDEX idx_tb1_flg20f5f2 ON table_1 (td, flg_20v_h);
CREATE INDEX idx_tb1_flg20f5f3 ON table_1 (td, flg_20v_l);
CREATE INDEX idx_tb1_flg60f5f2 ON table_1 (td, flg_60v_h);
CREATE INDEX idx_tb1_flg60f5f3 ON table_1 (td, flg_60v_l);
CREATE INDEX idx_tb1_flg52f5wf2 ON table_1 (td, flg_52wv_h);
CREATE INDEX idx_tb1_flg52f5wf3 ON table_1 (td, flg_52wv_l);
CREATE INDEX idx_tb1_flgatf5f2 ON table_1 (td, flg_atv_h);
CREATE INDEX idx_tb1_flgatf5f3 ON table_1 (td, flg_atv_l);
CREATE INDEX idx_tb1_ar_1w ON table_1 (td, ar_1w);
CREATE INDEX idx_tb1_ar_2w ON table_1 (td, ar_2w);
CREATE INDEX idx_tb1_ar_1m ON table_1 (td, ar_1m);
CREATE INDEX idx_tb1_ar_3m ON table_1 (td, ar_3m);
CREATE INDEX idx_tb1_ar_1w_mz ON table_1 (td, ar_1w_mzs);
CREATE INDEX idx_tb1_ar_2w_mz ON table_1 (td, ar_2w_mzs);
CREATE INDEX idx_tb1_ar_1m_mz ON table_1 (td, ar_1m_mzs);
CREATE INDEX idx_tb1_ar_3m_mz ON table_1 (td, ar_3m_mzs);
CREATE TABLE IF NOT EXISTS table_2 (
id SERIAL PRIMARY KEY NOT NULL,
name TEXT NOT NULL
);
CREATE UNIQUE INDEX idxu_table2_nm ON table_2 (name);
可以看出, table_1和table_2之間沒有關系,所以我懷疑 postgreSQL 給出的錯誤消息實際上是紅鯡魚(即誤導)。
最后一件事。 我正在使用Docker*來部署我的 postgreSQL 服務 - 因此上述腳本由 docker 運行。 數據庫是在我運行docker run
時創建的 - 但是,當我以用戶foo
登錄並嘗試創建新視圖(甚至在任何表上運行簡單的 SELECT )時,我收到錯誤消息:
錯誤:關系 $table_name 的權限被拒絕
我注意到的另一件奇怪的事情(當我在 psql 命令中運行\\z
時)是,似乎數據庫中的所有表都沒有任何權限:
Access privileges
Schema | Name | Type | Access privileges | Column privileges | Policies
--------+-----------------------------------------------------------+----------+-------------------+-------------------+----------
public | mdb_company_financials_balsheet | table | | |
public | mdb_company_financials_cashflow | table | | |
public | mdb_company_financials_income_stmt | table | | |
public | mdb_ccy_group_member | table | | |
那么,是什么導致了這個許可問題,我該如何解決呢?
*(不確定是否是相關信息)。
[[附錄]]
version
------------------------------------------------------------------------------------------
PostgreSQL 9.6.5 on x86_64-pc-linux-gnu, compiled by gcc (Debian 4.9.2-10) 4.9.2, 64-bit
經過一些研究,這對我有用。 psql (9.6.12)
-- login to postgres database server as postgres user. ssh <user>>@hostname.<domain>>.com sudo su postgres id psql postgres=# create user sentry_read with login password 'sentry_read'; postgres=# du+ postgres=# \\l+ -- **very important: make sure we should connect required database before we grant to user.** postgres=# \\c sentry postgres=# \\dt sentry=# \\dp SENTRY_VERSION sentry=# select * from "SENTRY_VERSION"; sentry=# GRANT SELECT ON ALL TABLES IN SCHEMA public TO sentry_read; postgres=# \\q [user@hostname ~]$ psql -U sentry_read -d sentry -h hostname.<domain>>.com -W sentry=> select * from "SENTRY_VERSION";
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.