Thread: Unable to select a table as postgres user
I have a database in which tables are created for each user when they create an account. These auto generated tables are used for generating analytics using a Function. This function is defined as a SECURITY DEFINER. So that any user who tries to execute this function will be doing so as a Super user. But it is not working as expected. For Example, When execute the functions as User1, I get an error that the User1 is unable to select the table. When I execute the functions as postgres user, I still get the same error!!! Was able to execute the function only after GRANT SELECT on that table. My question is, When I execute the function as a Superuser, How come I get an error on Unable to select the table? -- View this message in context: http://postgresql.nabble.com/Unable-to-select-a-table-as-postgres-user-tp5872036.html Sent from the PostgreSQL - general mailing list archive at Nabble.com.
On 10/29/2015 10:56 PM, rajan wrote: > I have a database in which tables are created for each user when they create > an account. These auto generated tables are used for generating analytics > using a Function. This function is defined as a SECURITY DEFINER. So that > any user who tries to execute this function will be doing so as a Super > user. > > But it is not working as expected. For Example, When execute the functions > as User1, I get an error that the User1 is unable to select the table. When > I execute the functions as postgres user, I still get the same error!!! > > Was able to execute the function only after GRANT SELECT on that table. > > My question is, > When I execute the function as a Superuser, How come I get an error on > Unable to select the table? to answer this would require seeing the access rights to the table, schema, and database along with the user -- john r pierce, recycling bits in santa cruz
2015-10-30 6:56 GMT+01:00 rajan <vgmonnet@gmail.com>:
I have a database in which tables are created for each user when they create
an account. These auto generated tables are used for generating analytics
using a Function. This function is defined as a SECURITY DEFINER. So that
any user who tries to execute this function will be doing so as a Super
user.
But it is not working as expected. For Example, When execute the functions
as User1, I get an error that the User1 is unable to select the table. When
I execute the functions as postgres user, I still get the same error!!!
Was able to execute the function only after GRANT SELECT on that table.
My question is,
When I execute the function as a Superuser, How come I get an error on
Unable to select the table?
If you are superuser, then you can see all - there are no any limit. It is impossible to do any limit of superuser in Postgres.
Regards
Pavel
--
View this message in context: http://postgresql.nabble.com/Unable-to-select-a-table-as-postgres-user-tp5872036.html
Sent from the PostgreSQL - general mailing list archive at Nabble.com.
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
Yes. I agree that the superuser cannot be restricted with any access. But my scenarios is, I am executing a function(VOLATILE SECURITY DEFINER) using the superuser and it function fails with unable to select a particular table. At the same time, I am able to select the table as a superuser, by executing select * from table_name; -- View this message in context: http://postgresql.nabble.com/Unable-to-select-a-table-as-postgres-user-tp5872036p5872041.html Sent from the PostgreSQL - general mailing list archive at Nabble.com.
2015-10-30 7:56 GMT+01:00 rajan <vgmonnet@gmail.com>:
Yes. I agree that the superuser cannot be restricted with any access.
But my scenarios is, I am executing a function(VOLATILE SECURITY DEFINER)
using the superuser and it function fails with unable to select a particular
table.
who owns this function?
At the same time, I am able to select the table as a superuser, by executing
select * from table_name;
--
View this message in context: http://postgresql.nabble.com/Unable-to-select-a-table-as-postgres-user-tp5872036p5872041.htmlSent from the PostgreSQL - general mailing list archive at Nabble.com.
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
Hi What error do you get? - Permission denied or table does not exist? Latter would indicate a problem with the search_path and you should fully qualify the table name in the function body. - Did you create the function as postgres user? Bye Charles On 30/10/2015 07:56, rajan wrote: > Yes. I agree that the superuser cannot be restricted with any access. > > But my scenarios is, I am executing a function(VOLATILE SECURITY DEFINER) > using the superuser and it function fails with unable to select a particular > table. > > At the same time, I am able to select the table as a superuser, by executing > select * from table_name; > > > > -- > View this message in context: http://postgresql.nabble.com/Unable-to-select-a-table-as-postgres-user-tp5872036p5872041.html > Sent from the PostgreSQL - general mailing list archive at Nabble.com. > >
The function is created as postgres user. And I get a permission denied error. -- View this message in context: http://postgresql.nabble.com/Unable-to-select-a-table-as-postgres-user-tp5872036p5872055.html Sent from the PostgreSQL - general mailing list archive at Nabble.com.
postgres owns the function Schema | public Name | testuserfunction Result data type | xxxxx Argument data types | Type | normal Security | definer Volatility | volatile Owner | postgres Language | plpgsql Source code | -- View this message in context: http://postgresql.nabble.com/Unable-to-select-a-table-as-postgres-user-tp5872036p5872060.html Sent from the PostgreSQL - general mailing list archive at Nabble.com.
On 10/30/2015 10:27 AM, rajan wrote: > The function is created as postgres user. > > And I get a permission denied error. If you want help solving this, I suggest you post a minimal, self contained test case (i.e. SQL statements) which anyone can run to reproduce your issue. HTH, Joe -- Crunchy Data - http://crunchydata.com PostgreSQL Support for Secure Enterprises Consulting, Training, & Open Source Development