Thread: grant not working on pg_class

grant not working on pg_class

From
Gregory Stone
Date:
I've got a problem where any group or user permissions to the pg_class
table aren't being registered by either psql or the JDBC driver. I issue
the following command:

GRANT ALL ON TABLE pg_class TO GROUP apps;
-OR-
GRANT ALL ON TABLE pg_class TO sculptor;

Both apps and sculptor are valid user and group names respectively. The
command executes fine and the following query produces:
paella=> SELECT relname, relacl FROM pg_class WHERE relname='pg_class';
 relname  |                                            relacl

----------+----------------------------------------------------------------------------------------------
 pg_class | {=r/postgres,"group apps=arwdRxt/postgres","group
dev=w/postgres",sculptor=arwdRxt/postgres}
(1 row)

Looks good right? The permissions are there as requested. But when I try
to execute a stored procedure that, with the command below, turns off the
triggers temporarily I get ERROR:  permission denied for relation
pg_class.


UPDATE "pg_class" SET "reltriggers" = 0 WHERE "relname" =
''layer_template'';


I'm using postgresql 7.4, on Mac OSX, and the JDBC driver that came witht
he source dist for darwin. I've checked the groups and it seems there was
a problem back in 6.4 or so but it was allegedly fixed. Any ideas?

Thanks,

Gregory


=====
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Gregory Stone       |  "Suppose you were an idiot, and suppose you were
guomo@yahoo.com     |    a member of congress; but I repeat myself."
                    |                                      - Mark Twain
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

__________________________________
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
http://companion.yahoo.com/

Re: grant not working on pg_class

From
Peter Eisentraut
Date:
Gregory Stone writes:

> to execute a stored procedure that, with the command below, turns off the
> triggers temporarily I get ERROR:  permission denied for relation
> pg_class.
>
> UPDATE "pg_class" SET "reltriggers" = 0 WHERE "relname" =
> ''layer_template'';

There is a special restriction that prevents you from writing to system
catalogs.  The user must have usecatupd set to true in pg_shadow.  That is
generally only recommendable for superusers.  (Else, anyone having write
access to pg_class could easily obtain write access to any other table.)

--
Peter Eisentraut   peter_e@gmx.net