[ckan-dev] Datastore Search Permissions Error / DB Permissions problem
Matthew Fullerton
matt.fullerton at gmail.com
Thu Aug 18 15:51:30 UTC 2016
I'm getting 403 errors for searches on Datastore tables that are newly
created. The problem also exists at the DB level (the datastore_default
user can select from old tables but not the new ones). These are the
current schema permissions:
CREATE SCHEMA public
AUTHORIZATION pgadmin;
GRANT ALL ON SCHEMA public TO pgadmin;
GRANT ALL ON SCHEMA public TO ckan_default;
GRANT USAGE ON SCHEMA public TO datastore_default;
COMMENT ON SCHEMA public
IS 'standard public schema';
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT SELECT ON TABLES
TO datastore_default;
I think the problem is with the last bit. This is supposed to make sure
SELECT is given to all new tables created [by ckan_default]. This is set up
by the line in the permissions script:
ALTER DEFAULT PRIVILEGES FOR USER "ckan_default" IN SCHEMA public
S GRANT SELECT ON TABLES TO "datastore_default"
I found a reference to this on StackOverflow:
http://stackoverflow.com/questions/19309416/grant-permissions-to-user-for-any-new-tables-created-in-postgresql
"You can change default privileges only for objects that will be created by
yourself or by roles that you are a member of."
Is there something set up wrong in the arrangement of
schema/users/databases/permissions?
In case its relevant I have 2 DBs and 3 users set up in production.ini:
ckan_default on the CKAN DB, ckan_default on the datastore DB and
datastore_default on the datastore DB.
Thanks,
Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/ckan-dev/attachments/20160818/6e2cadd9/attachment-0002.html>
More information about the ckan-dev
mailing list