Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[BUG] postgres_privileges: unable to verify existing privileges on views.

See original GitHub issue

Hello !

postgres.privileges_list and similar functions are unable to verify existing privileges on views.

postgres_privileges.present says:

View permissions should specify object_type: table.

https://github.com/saltstack/salt/blob/a670b4ae72ec11f5485c216c54059e14223019b8/salt/states/postgres_privileges.py#L118

But _make_privileges_list_query is unable to verify existing privileges on views because it filters on ordinary tables only. https://github.com/saltstack/salt/blob/f41cda17ce6cc0ee54df483f4d5f48cc2b9632e7/salt/modules/postgres.py#L2728

A little update should fix that.

-                    "AND relkind = 'r'",
+                    "AND relkind in ('r', 'v')",

State example : pg_catalog.pg_shadow is a view.

pgbouncer_auth_user:
    postgres_privileges.present:
        # GRANT SELECT ON pg_catalog.pg_shadow TO pgbouncer_auth_user;
        - prepend: pg_catalog
        - object_name: pg_shadow
        - object_type: table
        - privileges:
            - SELECT
        - maintenance_db: my_db
        - db_port: 5432

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:5 (5 by maintainers)

github_iconTop GitHub Comments

1reaction
NotSqrtcommented, Jul 28, 2020

@sagetherage Thanks, I had not noticed that the initial PR was into my own repo…

0reactions
sagetheragecommented, Dec 8, 2020

@waynew a good candidate for the Test Clinics

Read more comments on GitHub >

github_iconTop Results From Across the Web

Postgres grant issue on select from view, but not from base table
So you'd have to grant that owner the SELECT privilege on table1 for the view to work. If the view has security_invoker =...
Read more >
PostgeSQL: Verify user privileges - database - Stack Overflow
Undercovers psql uses the bellow query when you issue \du command. SELECT r.rolname, r.rolsuper, r.rolinherit, r.rolcreaterole, r.rolcreatedb ...
Read more >
Documentation: 15: 41.5. Rules and Privileges - PostgreSQL
Rules and Privileges. Due to rewriting of queries by the PostgreSQL rule system, other tables/views than those used in the original query get...
Read more >
How to Handle Privileges in PostgreSQL | by Shengyu Huang
Briefly speaking, GRANT changes the privileges for CURRENT objects in a particular schema in a database, while ALTER DEFAULT PRIVILEGES changes the privileges ......
Read more >
How to Modify User Privileges in PostgreSQL Databases
As an example, to make a read-only user, first revoke all of the user's default privileges, then give CONNECT access. From there, add...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

[BUG] Installation failed on Ubuntu 20.04 LTS arm64 (Raspberry Pi)

Next page

[DOCs] NameError: global name '__jid__' is not defined