Question

I'd like to update pg_catalog.pg_cast from the restricted user (on Postgres 9.3).

However, running the query I need:

    update pg_cast set castcontext = 'i' where oid in ( select c.oid from pg_cast c inner join pg_type src on src.oid = c.castsource inner join pg_type tgt on tgt.oid = c.casttarget where src.typname like 'int%' and tgt.typname like 'bool%');

ends up with an error:

    ERROR:  permission denied for relation pg_cast

However, permissions seem to be correctly set. See the steps I took from DB and USER creation until the query:

    psql -c "create database test1 WITH ENCODING 'UTF8' LC_COLLATE='en_GB.UTF8' LC_CTYPE='en_GB.UTF8' TEMPLATE=template0;" -U postgres
    psql -U postgres test1;
    test1=# CREATE USER test1 PASSWORD 'test1';
    test1=# GRANT ALL ON SCHEMA public TO test1;
    test1=# GRANT ALL ON ALL TABLES IN SCHEMA public TO test1;
    test1=# GRANT SELECT ON TABLE pg_catalog.pg_cast TO test1;
    test1=# GRANT SELECT ON TABLE pg_catalog.pg_type TO test1;
    test1=# GRANT UPDATE ON TABLE pg_catalog.pg_cast TO test1;
    test1=# \q

    sudo service postgresql-9.3 restart

    PGPASSWORD=test1;psql -U test1 test1

    test1=> \z pg_catalog.pg_cast
                      Access privileges
       Schema   |  Name   | Type  | Access privileges | Column access privileges
    ------------+---------+-------+-------------------+--------------------------
     pg_catalog | pg_cast | table | =r/postgres      +|
                |         |       | test1=rw/postgres |
    (1 row)

    test1=> \z pg_catalog.pg_type
                      Access privileges
       Schema   |  Name   | Type  | Access privileges | Column access privileges
    ------------+---------+-------+-------------------+--------------------------
     pg_catalog | pg_type | table | =r/postgres      +|
                |         |       | test1=r/postgres  |
    (1 row)

    test1=> SELECT grantee, privilege_type FROM information_schema.role_table_grants WHERE table_name='pg_cast';
     grantee | privilege_type
    ---------+----------------
     test1   | SELECT
     test1   | UPDATE
    (2 rows)

    test1=> update pg_cast set castcontext = 'i' where oid in ( select c.oid from pg_cast c inner join pg_type src on src.oid = c.castsource inner join pg_type tgt on tgt.oid = c.casttarget where src.typname like 'int%' and tgt.typname like 'bool%');
    ERROR:  permission denied for relation pg_cast

What more should I do, to enable query execution with the test1 user? Thanks.

Solution

You really should not be updating system catalogs directly. The "permission denied" error is Postgres trying to protect you from shooting yourself in the foot.

If you really want that (and if you break something, you get to keep both pieces...), start here: https://serverfault.com/questions/300123/how-to-edit-system-catalogs-in-postgresql-8-1
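
The `GRANT UPDATE` from the question stays recorded in the ACL of `pg_cast` (as the `\z` output shows) even though the update itself is refused. The following is an added example, not part of the original question or answers: an audit query that lists write-type privileges stored on `pg_catalog` tables for non-owner roles, followed by the revoke for the grant made in the question. It assumes it is run as a superuser in the affected database.

```sql
-- Added example; run as a superuser in the affected database (test1 in the question).
-- Lists write-type privileges stored on pg_catalog tables for anyone other
-- than the table's owner. aclexplode() expands each ACL entry
-- (such as test1=rw/postgres) into one row per privilege.
SELECT c.relname                     AS catalog_relation,
       COALESCE(g.rolname, 'PUBLIC') AS grantee,      -- grantee oid 0 means PUBLIC
       a.privilege_type,
       gr.rolname                    AS granted_by
FROM pg_catalog.pg_class c
JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
CROSS JOIN LATERAL aclexplode(c.relacl) AS a
LEFT JOIN pg_catalog.pg_roles g  ON g.oid  = a.grantee
LEFT JOIN pg_catalog.pg_roles gr ON gr.oid = a.grantor
WHERE n.nspname = 'pg_catalog'
  AND c.relkind = 'r'                -- ordinary tables only
  AND a.grantee <> c.relowner        -- skip the owner's own entry
  AND a.privilege_type IN ('INSERT', 'UPDATE', 'DELETE', 'TRUNCATE')
ORDER BY 1, 2, 3;

-- Remove the write grant made in the question's setup steps.
REVOKE UPDATE ON TABLE pg_catalog.pg_cast FROM test1;
```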

OTHER TIPS

I have had a similar problem updating a Greenplum system catalog; the cue is:

    ERROR: permission denied: "pg_filespace_entry" is a system catalog

The solution was to use the following command before I tried to modify the system table:

    set allow_system_table_mods='dml';

Licensed under: CC-BY-SA with attribution