Postgres Pro
Downloads
Home   >   mailing lists

Thread: Error 42501 permission denied for schema

Error 42501 permission denied for schema

From
akp geek
Date:
Dear all

I have 2 schemas , schema1 and schema 2. 

1. GRANT USAGE ON SCHEMA schema1 TO schema2;

I am trying to create a function in shema2, In that function I need to access some tables from schema1.
p
I am getting the following error when I compile the function

Search path set to schema2,schema1,public

Can you please help? Appreciate your time


Regards

Re: Error 42501 permission denied for schema

From
Tom Lane
Date:
akp geek <akpgeek@gmail.com> writes:
> I have 2 schemas , schema1 and schema 2.

> 1. GRANT USAGE ON SCHEMA schema1 TO schema2;

You seem to be confusing schemas and users --- they are not the same
thing at all.  The above grants the right to lookup objects in schema1
to the user (a/k/a role) named schema2; who doesn't necessarily have
anything to do with objects in schema2.

Also, although you failed to show the specific command that was failing,
I suspect what you are actually running into is lack of CREATE
permission not USAGE permission.

            regards, tom lane

Re: Error 42501 permission denied for schema

From
akp geek
Date:
Sorry for the confusion  that I have caused

  • roles > role1 , role2
  • schemas > schema1, schema2 
  • GRANT USAGE ON SCHEMA schema1 TO role2;
  • create function fnc_name(IN i_id numeric) 
  • function is created using role2 
I ended up getting the error 


ERROR: permission denied for schema schema1
SQL state: 42501


Appreciate your help.



On Fri, Mar 26, 2010 at 11:45 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
akp geek <akpgeek@gmail.com> writes:
> I have 2 schemas , schema1 and schema 2.

> 1. GRANT USAGE ON SCHEMA schema1 TO schema2;

You seem to be confusing schemas and users --- they are not the same
thing at all.  The above grants the right to lookup objects in schema1
to the user (a/k/a role) named schema2; who doesn't necessarily have
anything to do with objects in schema2.

Also, although you failed to show the specific command that was failing,
I suspect what you are actually running into is lack of CREATE
permission not USAGE permission.

                       regards, tom lane

Re: Error 42501 permission denied for schema

From
Tom Lane
Date:
akp geek <akpgeek@gmail.com> writes:
> Sorry for the confusion  that I have caused
>    - roles > role1 , role2
>    - schemas > schema1, schema2
>    - GRANT USAGE ON SCHEMA schema1 TO role2;
>    - create function fnc_name(IN i_id numeric)
>    - function is created using role2

> I ended up getting the error

> ERROR: permission denied for schema schema1

Well, keep in mind that what normally counts for a function's queries
is the permissions of the *caller*, not the owner.  If you want the
function to be able to do things regardless of who's calling it, mark
it SECURITY DEFINER, and then it runs with the owner's permissions.
Beware that malicious users might be able to subvert a SECURITY DEFINER
function to make it do something unintended ...

            regards, tom lane

From
赤松 建司
Date:
bye
end