英文:
Permission denied to create table even after using GRANT command
问题
我已连接到一个具有postgres角色的Postgres 14实例。我已创建了一个名为airflow的新数据库,以及一个名为airflow的新用户/角色,该用户/角色是该数据库的所有者。
以下是数据库列表:
名称 | 所有者 | 编码 | 区域排序 | 字符类型 | 访问权限
-----------+-------------+----------+-------------+-------------+---------------------------------
airflow | airflow | UTF8 | en_HK.UTF-8 | en_HK.UTF-8 |
我已发出以下命令:grant all on database airflow to airflow; 然后我得到:
以下是数据库列表:
名称 | 所有者 | 编码 | 区域排序 | 字符类型 | 访问权限
-----------+-------------+----------+-------------+-------------+---------------------------------
airflow | airflow | UTF8 | en_HK.UTF-8 | en_HK.UTF-8 | =Tc/airflow +
| | | | | airflow=CTc/airflow
然而,我仍然遇到以下错误:
sqlalchemy.exc.ProgrammingError: (psycopg2.errors.InsufficientPrivilege) permission denied for schema public
LINE 2: CREATE TABLE log (
^
[SQL:
CREATE TABLE log (
id SERIAL NOT NULL,
dttm TIMESTAMP WITH TIME ZONE,
dag_id VARCHAR(250),
task_id VARCHAR(250),
map_index INTEGER,
event VARCHAR(30),
execution_date TIMESTAMP WITH TIME ZONE,
owner VARCHAR(500),
extra TEXT,
CONSTRAINT log_pkey PRIMARY KEY (id)
)]
(关于此错误的背景信息在:https://sqlalche.me/e/14/f405)
我以airflow用户连接到airflow数据库。
更新:刚刚在pgAdmin上看到,我没有为airflow授予PUBLIC模式的全部权限...
英文:
I'm connected to a Postgres 14 instance with postgres role. I have created a new database called airflow and a new user/role called airflow too, who is the owner of the db.
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+-------------+----------+-------------+-------------+---------------------------------
airflow | airflow | UTF8 | en_HK.UTF-8 | en_HK.UTF-8 |
I have issued the command grant all on database airflow to airflow; And then I have:
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+-------------+----------+-------------+-------------+---------------------------------
airflow | airflow | UTF8 | en_HK.UTF-8 | en_HK.UTF-8 | =Tc/airflow +
| | | | | airflow=CTc/airflow
However I still get this error:
sqlalchemy.exc.ProgrammingError: (psycopg2.errors.InsufficientPrivilege) permission denied for schema public
LINE 2: CREATE TABLE log (
^
[SQL:
CREATE TABLE log (
id SERIAL NOT NULL,
dttm TIMESTAMP WITH TIME ZONE,
dag_id VARCHAR(250),
task_id VARCHAR(250),
map_index INTEGER,
event VARCHAR(30),
execution_date TIMESTAMP WITH TIME ZONE,
owner VARCHAR(500),
extra TEXT,
CONSTRAINT log_pkey PRIMARY KEY (id)
)
]
(Background on this error at: https://sqlalche.me/e/14/f405)
I'm connecting to the instance as airflow user to the airflow database.
Update: Just saw on pgAdmin that I did not grant all on PUBLIC schema for airflow ...
答案1
得分: 3
grant all on database airflow to airflow;
授予 airflow 对数据库 airflow 的全部权限;
Sounds mighty, but does not do all that much. The role still needs additional privileges on schema(s), tables, and possibly more objects inside the database.
听起来很强大,但实际并没有做太多事情。该角色仍然需要在架构、表以及数据库内部的可能更多对象上获得额外的权限。
In particular, your error message says:
特别是,你的错误信息显示:
permission denied for schema public
拒绝在架构 public 上的权限
So you need (at least) the CREATE privilege on the schema public. Either directly, or by way of granting it to PUBLIC. Like:
因此,你至少需要在架构 public 上具有 CREATE 权限。可以直接授予,或者通过授予给 PUBLIC,如下所示:
GRANT CREATE ON SCHEMA public TO airflow;
GRANT CREATE ON SCHEMA public TO airflow;
Important updates for Postgres 15! The release notes:
Postgres 15 的重要更新!发布说明:
Remove
PUBLICcreation permission on the public schema (Noah Misch)
移除对公共架构的PUBLIC创建权限(Noah Misch)
And:
以及:
Change the owner of the
publicschema to be the newpg_database_ownerrole (Noah Misch)
将public架构的所有者更改为新的pg_database_owner角色(Noah Misch)
You can still change that any way you like. It's just the new, safer, more restrictive default. Follow the link for details.
你仍然可以按自己喜欢的方式进行更改。这只是新的、更安全、更严格的默认设置。点击链接查看详细信息。
But that does not apply to Postgres 14. You must have removed privileges yourself somehow.
但这不适用于 Postgres 14。你必须自己删除了某些权限。
Related:
相关链接:
英文:
> grant all on database airflow to airflow;
Sounds mighty, but does not do all that much. The role still needs additional privileges on schema(s), tables, and possibly more objects inside the database.
In particular, your error message says:
> permission denied for schema public
So you need (at least) the CREATE privilege on the schema public. Either directly, or by way of granting it to PUBLIC. Like:
GRANT CREATE ON SCHEMA public TO airflow;
Important updates for Postgres 15! The release notes:
> Remove PUBLIC creation permission on the public schema (Noah Misch)
And:
> Change the owner of the public schema to be the new pg_database_owner role (Noah Misch)
You can still change that any way you like. It's just the new, safer, more restrictive default. Follow the link for details.
But that does not apply to Postgres 14. You must have removed privileges yourself somehow.
Related:
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论