Menu
PostgreSQL said: permission denied for relation pg_authid
Is pg_authid just unavailable on AWS RDS in all contexts because of RDS locking down the super role? My role created the table, so pg_catalog should come by default (and not need to be added to search path) if I'm reading psql docs right. Just need SELECT, not create ability.
Haven't been able to find a definitive AWS RDS documentation page where it says that pg_catalog.pg_authid is not allowed in any context, but I've inherited a documentation project that is relying on being able to form queries and joins on the pg_authid table in the DB I just created. I always get the above permission denied.
Tried adding a postgres role and giving it to myself, and also explicitly adding the db to my search path, to no avail.
792
Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/ . Open the RDS console and then choose Databases to display a list of your DB instances. Choose the PostgreSQL DB instance name to display its details. On the Connectivity & security tab, copy the endpoint.
To connect to the cluster with the pgAdmin clientOpen the context (right-click) menu for Servers, and then choose Create, Server. Enter information in the Create - Server dialog box. On the Connection tab, add the Aurora PostgreSQL cluster address for Host and the PostgreSQL port number (by default, 5432) for Port.
Amazon RDS makes it easy to set up, operate, and scale PostgreSQL deployments in the cloud. With Amazon RDS, you can deploy scalable PostgreSQL deployments in minutes with cost-efficient and resizable hardware capacity.
1. Create a new user by running the CREATE ROLE command: postgres=> CREATE ROLE new_master WITH PASSWORD 'password' CREATEDB CREATEROLE LOGIN; Note: Replace new_master and password with your user name and password.
The catalog pg_authid contains information about database authorization identifiers (roles). As you might be aware, that due to managed nature off RDS as a service, unfortunately it is not possible to have the full superuser role in RDS.
Unfortunately as the above mentioned is a limitation on RDS, if the access to 'pg_authid' is utmost necessary for performing your business, I would suggest you to look for EC2 hosted Postgres (community Postgres) as an option. The workaround to view the contents of 'pg_authid' is to use 'pg_roles', but the passwords are masked and would not tell you if it is encrypted or not.
Kindly note, not all catalogs are restricted from being read on RDS, below is the SQL Query which shows the privileges rds_superuser/master user has on each catalog.
SELECT relname, has_table_privilege('rds_superuser',relname,'SELECT') as SELECT,has_table_privilege('rds_superuser',relname,'UPDATE') as UPDATE,has_table_privilege('rds_superuser',relname,'INSERT') as INSERT,has_table_privilege('rds_superuser',relname,'TRUNCATE') as TRUNCATE FROM pg_class c , pg_namespace n where n.oid = c.relnamespace and n.nspname in ('pg_catalog') and relkind='r';
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With