Thread: weird problem with grants

Hi list,

I have a weird problem with grants. Probably I am forgetting something, but I
simply don't understand it.

We have a user 'x' that is member of group 'a'
there is a sequence where
Grant all on table schema.sequence to group 'a'

But still I get a permission denied when I try to access the sequence as user
'x'.

Thanks in advance.

D.Kniep

On Mon, 2005-10-10 at 16:37, Dick Kniep wrote:
> Hi list,
>
> I have a weird problem with grants. Probably I am forgetting something, but I
> simply don't understand it.
>
> We have a user 'x' that is member of group 'a'
> there is a sequence where
> Grant all on table schema.sequence to group 'a'
>
> But still I get a permission denied when I try to access the sequence as user
> 'x'.

Did you grant permission on the sequence as well?

Dick Kniep <dick@kniep.nl> writes:
> We have a user 'x' that is member of group 'a'
> there is a sequence where
> Grant all on table schema.sequence to group 'a'

> But still I get a permission denied when I try to access the sequence as user
> 'x'.

Works fine for me, so you've omitted some critical bit of information.

regression=# create user x;
CREATE ROLE
regression=# create group g with user x;
CREATE ROLE
regression=# create sequence seq;
CREATE SEQUENCE
regression=# grant all on seq to group g;
GRANT
regression=# \c - x
You are now connected as new user "x".
regression=> select nextval('seq');
 nextval
---------
       1
(1 row)

Given that you've mentioned schemas, a couple of possibilities are that
user x doesn't have USAGE permission on the schema containing the
sequence, or that he has a different search path which is leading him
to find a different sequence altogether.

If that doesn't help, let's see the exact case (including exact error
message) instead of a uselessly-abstract summary.

            regards, tom lane