Postgres - 更新pg_catalog.pg_cast时被拒绝的权限

时间:2014-02-13 11:42:29

标签: postgresql permissions grant

我想从受限制的用户更新pg_catalog.pg_cast(在Postgres 9.3上)。

但运行我需要的查询:

 update pg_cast set castcontext = 'i' where oid in ( select c.oid from pg_cast c inner join pg_type src on src.oid = c.castsource inner join pg_type tgt on tgt.oid = c.casttarget where src.typname like 'int%' and tgt.typname like 'bool%');

以错误结束:

    ERROR:  permission denied for relation pg_cast

但是权限似乎已正确设置。查看自DB和USER创建以来我所做的步骤,直到查询:

psql -c "create database test1 WITH ENCODING 'UTF8' LC_COLLATE='en_GB.UTF8' LC_CTYPE='en_GB.UTF8' TEMPLATE=template0;" -U postgres
psql -U postgres test1;
test1=# CREATE USER test1 PASSWORD 'test1';
test1=# GRANT ALL ON SCHEMA public TO test1;
test1=# GRANT ALL ON ALL TABLES IN SCHEMA public TO test1;
test1=# GRANT SELECT ON TABLE pg_catalog.pg_cast TO test1; 
test1=# GRANT SELECT ON TABLE pg_catalog.pg_type TO test1; 
test1=# GRANT UPDATE ON TABLE pg_catalog.pg_cast TO test1; 
test1=# \q

sudo service postgresql-9.3 restart

PGPASSWORD=test1;psql -U test1 test1

test1=> \z pg_catalog.pg_cast
                  Access privileges
   Schema   |  Name   | Type  | Access privileges | Column access privileges 
------------+---------+-------+-------------------+--------------------------
 pg_catalog | pg_cast | table | =r/postgres      +| 
        |         |       | test1=rw/postgres | 
(1 row)

test1=> \z pg_catalog.pg_type
                  Access privileges
   Schema   |  Name   | Type  | Access privileges | Column access privileges 
------------+---------+-------+-------------------+--------------------------
 pg_catalog | pg_type | table | =r/postgres      +| 
        |         |       | test1=r/postgres  | 
(1 row)

test1=> SELECT grantee, privilege_type FROM information_schema.role_table_grants WHERE table_name='pg_cast';
 grantee | privilege_type 
---------+----------------
 test1   | SELECT
 test1   | UPDATE
(2 rows)

test1=> update pg_cast set castcontext = 'i' where oid in ( select c.oid from pg_cast c inner join pg_type src on src.oid = c.castsource inner join pg_type tgt on tgt.oid = c.casttarget where src.typname like 'int%' and tgt.typname like 'bool%');
ERROR:  permission denied for relation pg_cast

我还应该做些什么来启用test1用户的查询执行? 感谢。

2 个答案:

答案 0 :(得分:2)

您真的不应该直接更新系统目录。 “允许被拒绝”的错误是Postgres试图保护你不要在脚下射击自己。

如果你真的想要那个(如果你打破了某些东西,你可以保留两件......)从这里开始:https://serverfault.com/questions/300123/how-to-edit-system-catalogs-in-postgresql-8-1

答案 1 :(得分:1)

我在更新Greenplum系统目录时遇到了类似的问题,提示是:

  

错误:权限被拒绝:“ pg_filespace_entry”是系统目录,

在尝试修改系统表之前,解决方案使用了以下命令:

set allow_system_table_mods='dml';
相关问题
最新问题