Обсуждение: permission errors
I have granted the user UPDATE permission on this table several times.
I check the perms and they look right. I cannot update the hit_count of
the link table as user 'masks'.
Oddity 2 - I created these tables as masks_adm.....as you can see below
that is the owner....yet I frequently got permission denied errors when
I tried to do things to these tables and had to actuall grant myself
permission to access them. It appears that this only happens when I
grant someone else permissions on the tables because the others work
just fine.
here is my \d:
masks=> \d
List of relations
Name | Type | Owner
---------------------+----------+-----------
access | table | masks_adm
access_key_seq | sequence | masks_adm
administrator | table | masks_adm
enews_subscription | table | masks_adm
enewsletter | table | masks_adm
enewsletter_key_seq | sequence | masks_adm
link | table | masks_adm
link_category | table | masks_adm
link_edit_req | table | masks_adm
link_key_seq | sequence | masks_adm
masks_user | table | masks_adm
(11 rows)
here is the permissions -
Access permissions for database "masks"
Relation | Access permissions
---------------------+-----------------------------------
access |
access_key_seq |
administrator |
enews_subscription |
enewsletter |
enewsletter_key_seq |
link | {"=","masks=arw","masks_adm=arw"}
link_category | {"=","masks=r","masks_adm=arw"}
link_edit_req |
link_key_seq | {"=","masks=rw","masks_adm=w"}
masks_user | {"=","masks=r"}
Here is the command and the result:
masks=> update link set hit_count=1 where key=192;
ERROR: masks_user: Permission denied.
Noah Roberts <jik@foxinternet.net> writes:
> Oddity 2 - I created these tables as masks_adm.....as you can see below
> that is the owner....yet I frequently got permission denied errors when
> I tried to do things to these tables and had to actuall grant myself
> permission to access them.
This is a known bug in GRANT in current releases: the first explicit
GRANT on a table loses the all-rights-granted-to-table-owner default
permissions for the table. It's fixed for 7.2, but at the moment you
have to remember to grant yourself access rights too.
regards, tom lane
> I have granted the user UPDATE permission on this table several times.
> I check the perms and they look right. I cannot update the hit_count of
> the link table as user 'masks'.
>
Ok, I fixed the problem, but I need to know why it worked. What I did was
grant the masks_adm user all access rights to the masks_user table. I had
not realized I had changed the user that accesses the tables at this
point....the confusion though has to do with the fact that the masks_user
table is not accessed in that ENTIRE php script! The querry at the line that
errors is "UPDATE link set hit_count=hit_count+1 WHERE key=$link;" and a
"grep masks_user directory.php" turned up nothing.
There is a foreign key to masks_user but it is not used in this querry....is
that the thing of it?
>
> here is my \d:
>
> masks=> \d
> List of relations
> Name | Type | Owner
> ---------------------+----------+-----------
> access | table | masks_adm
> access_key_seq | sequence | masks_adm
> administrator | table | masks_adm
> enews_subscription | table | masks_adm
> enewsletter | table | masks_adm
> enewsletter_key_seq | sequence | masks_adm
> link | table | masks_adm
> link_category | table | masks_adm
> link_edit_req | table | masks_adm
> link_key_seq | sequence | masks_adm
> masks_user | table | masks_adm
> (11 rows)
>
> here is the permissions -
> Access permissions for database "masks"
> Relation | Access permissions
> ---------------------+-----------------------------------
> access |
> access_key_seq |
> administrator |
> enews_subscription |
> enewsletter |
> enewsletter_key_seq |
> link | {"=","masks=arw","masks_adm=arw"}
> link_category | {"=","masks=r","masks_adm=arw"}
> link_edit_req |
> link_key_seq | {"=","masks=rw","masks_adm=w"}
> masks_user | {"=","masks=r"}
>
> Here is the command and the result:
> masks=> update link set hit_count=1 where key=192;
> ERROR: masks_user: Permission denied.