[ckan-dev] Unable to set permission to DataStore
Harald von Waldow
harald.vonwaldow at eawag.ch
Mon Jan 18 21:11:40 UTC 2016
You need to pipe the output from paster to psql. It has just told you so:
paster datastore set-permissions | sudo -u postgres psql
On 18.01.2016 19:12, Natalia Queiroz wrote:
> Hello group,
>
> I got it using the command
>
> (default)root at localhost:/etc/ckan/default# paster --plugin=ckan datastore set-permissions -c /etc/ckan/default/production.ini
> 2016-01-18 15:41:33,818 WARNI [ckanext.datastore.plugin] Omitting permission checks because you are running paster commands.
> /*
> This script configures the permissions for the datastore.
>
> It ensures that the datastore read-only user will only be able to select from
> the datastore database but has no create/write/edit permission or any
> permissions on other databases. You must execute this script as a database
> superuser on the PostgreSQL server that hosts your datastore database.
>
> For example, if PostgreSQL is running locally and the "postgres" user has the
> appropriate permissions (as in the default Ubuntu PostgreSQL install), you can
> run:
>
> paster datastore set-permissions | sudo -u postgres psql
>
> Or, if your PostgreSQL server is remote, you can pipe the permissions script
> over SSH:
>
> paster datastore set-permissions | ssh dbserver sudo -u postgres psql
>
> */
>
> -- Most of the following commands apply to an explicit database or to the whole
> -- 'public' schema, and could be executed anywhere. But ALTER DEFAULT
> -- PERMISSIONS applies to the current database, and so we must be connected to
> -- the datastore DB:
> \connect datastore_default
>
> -- revoke permissions for the read-only user
> REVOKE CREATE ON SCHEMA public FROM PUBLIC;
> REVOKE USAGE ON SCHEMA public FROM PUBLIC;
>
> GRANT CREATE ON SCHEMA public TO "ckan_default";
> GRANT USAGE ON SCHEMA public TO "ckan_default";
>
> GRANT CREATE ON SCHEMA public TO "ckan_default";
> GRANT USAGE ON SCHEMA public TO "ckan_default";
>
> -- take connect permissions from main db
> REVOKE CONNECT ON DATABASE "ckan_default" FROM "datastore_default";
>
> -- grant select permissions for read-only user
> GRANT CONNECT ON DATABASE "datastore_default" TO "datastore_default";
> GRANT USAGE ON SCHEMA public TO "datastore_default";
>
> -- grant access to current tables and views to read-only user
> GRANT SELECT ON ALL TABLES IN SCHEMA public TO "datastore_default";
>
> -- grant access to new tables and views by default
> ALTER DEFAULT PRIVILEGES FOR USER "ckan_default" IN SCHEMA public
> GRANT SELECT ON TABLES TO "datastore_default";
>
>
> After restarting CKAN, I tested the set-up using the curl command
>
> (default)root at localhost:/etc/ckan/default# curl -X GET
> "http://ckan.jbrj.gov.br/api/3/action/datastore_search?resource_id=_table_metadata"
> {"help":
> "http://ckan.jbrj.gov.br/api/3/action/help_show?name=datastore_search",
> "success": true, "result": {"resource_id": "_table_metadata", "fields":
> [{"type": "text", "id": "_id"}, {"type": "name", "id": "name"}, {"type":
> "oid", "id": "oid"}, {"type": "name", "id": "alias_of"}], "records":
> [{"_id": "1fab8662e5772995", "alias_of": "pg_views", "name":
> "_table_metadata", "oid": 84889}, {"_id": "21b5fe766665b205",
> "alias_of": "pg_tables", "name": "_table_metadata", "oid": 84889}],
> "_links": {"start":
> "/api/3/action/datastore_search?resource_id=_table_metadata", "next":
> "/api/3/action/datastore_search?offset=100&resource_id=_table_metadata"}, "total":
> 2}}
>
>
> The issue now is that I am receiving this error when I access a resource's
> information
>
> [Mon Jan 18 15:48:33 2016] [error] [client IP] Error - <class 'sqlalchemy.exc.ProgrammingError'>: (ProgrammingError) ERRO: permiss\xc3\xa3o negada para rela\xc3\xa7\xc3\xa3o _table_metadata
>
> Any idea?
>
>
> On Mon, Jan 18, 2016 at 11:21 AM, Natalia Queiroz
> <queiroz.nati at gmail.com> wrote:
>
> Hello Harold, I'm using ckan version 2.4
>
> On Fri, Jan 15, 2016 at 11:56 AM, Harald von Waldow
> <harald.vonwaldow at eawag.ch> wrote:
>
> Or Natalia looked at the wrong docu-version. Natalia, which version of
> CKAN are you running?
>
> On 15.01.2016 13:32, David Read wrote:
> > Harald,
> > I can see no error in the documentation here. I think Natalia just misread it.
> > http://docs.ckan.org/en/latest/maintaining/datastore.html#set-permissions
> > David
> >
> > On 14 January 2016 at 22:22, Harald von Waldow
> > <harald.vonwaldow at eawag.ch> wrote:
> >> I guess there is an error in the documentation. Try this:
> >>
> >> paster --plugin=ckan datastore set-permissions -c /etc/ckan/default/production.ini | sudo -u postgres psql
> >>
> >> I guess it is also not such a good idea to run everything as root ...
> >>
> >> Cheers,
> >> Harald
> >>
> >> On 14.01.2016 22:01, Natalia Queiroz wrote:
> >>> Hello Harold,
> >>>
> >>> I removed the pdf_view, now I got this ...
> >>>
> >>> (default)root at localhost:/home/nataliaoliveira# paster --plugin=ckan datastore set-permissions postgres -c /etc/ckan/default/production.ini
> >>> 2016-01-14 18:56:53,648 WARNI [ckanext.datastore.plugin] Omitting permission checks because you are running paster commands.
> >>> usage: paster datastore [-h] {set-permissions} ...
> >>> paster datastore: error: unrecognized arguments: postgres
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> On Thu, Jan 14, 2016 at 5:41 PM, Harald von Waldow
> >>> <harald.vonwaldow at eawag.ch> wrote:
> >>>
> >>> Remove pdf_view from ckan.plugins in your production.ini or,
> >>> alternatively, install ckanext-pdfview
> >>> (https://github.com/ckan/ckanext-pdfview).
> >>>
> >>> Cheers,
> >>> Harald
> >>>
> >>> On 14.01.2016 20:09, Natalia Queiroz wrote:
> >>> > Hello group,
> >>> >
> >>> > I'm following the ckan documentation to install DataStore on my environment.
> >>> >
> >>> > http://docs.ckan.org/en/ckan-2.4.1/maintaining/datastore.html#datapusher-automatically-add-data-to-the-datastore
> >>> >
> >>> > In the topic Set permissions, this is the error from the command
> >>> >
> >>> > root at localhost:/etc/ckan/default# . /usr/lib/ckan/default/bin/activate
> >>> > (default)root at localhost:/etc/ckan/default# cd /usr/lib/ckan/default/src/ckan
> >>> > (default)root at localhost:/usr/lib/ckan/default/src/ckan# paster --plugin=ckan datastore set-permissions postgres -c /etc/ckan/default/production.ini
> >>> > Traceback (most recent call last):
> >>> >   File "/usr/lib/ckan/default/bin/paster", line 9, in <module>
> >>> >     load_entry_point('PasteScript==1.7.5', 'console_scripts', 'paster')()
> >>> >   File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/paste/script/command.py", line 104, in run
> >>> >     invoke(command, command_name, options, args[1:])
> >>> >   File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/paste/script/command.py", line 143, in invoke
> >>> >     exit_code = runner.run(args)
> >>> >   File "/usr/lib/ckan/default/local/lib/python2.7/site-packages/paste/script/command.py", line 238, in run
> >>> >     result = self.command()
> >>> >   File "/usr/lib/ckan/default/src/ckan/ckanext/datastore/commands.py", line 70, in command
> >>> >     self._load_config()
> >>> >   File "/usr/lib/ckan/default/src/ckan/ckan/lib/cli.py", line 147, in _load_config
> >>> >     load_environment(conf.global_conf, conf.local_conf)
> >>> >   File "/usr/lib/ckan/default/src/ckan/ckan/config/environment.py", line 232, in load_environment
> >>> >     p.load_all(config)
> >>> >   File "/usr/lib/ckan/default/src/ckan/ckan/plugins/core.py", line 134, in load_all
> >>> >     load(*plugins)
> >>> >   File "/usr/lib/ckan/default/src/ckan/ckan/plugins/core.py", line 148, in load
> >>> >     service = _get_service(plugin)
> >>> >   File "/usr/lib/ckan/default/src/ckan/ckan/plugins/core.py", line 255, in _get_service
> >>> >     raise PluginNotFoundException(plugin_name)
> >>> > ckan.plugins.core.PluginNotFoundException: pdf_view
> >>> >
> >>> > Any idea?
> >>> >
> >>> > --
> >>> >
> >>> >
> >>> > Natália Oliveira
> >>> >
> >>> >
> >>> > _______________________________________________
> >>> > ckan-dev mailing list
> >>> > ckan-dev at lists.okfn.org
> >>> > https://lists.okfn.org/mailman/listinfo/ckan-dev
> >>> > Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
> >>> >
> >>>
> >>> --
> >>> Harald von Waldow
> >>> Eawag
> >>> ICT Services
> >>> Ueberlandstrasse 133
> >>> 8600 Duebendorf
> >>> http://www.eawag.ch
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> --
> >>>
> >>>
> >>> Natália Oliveira
> >>>
> >>>
> >>>
> >>
> >> --
> >> Harald von Waldow
> >> Eawag
> >> ICT Services
> >> Ueberlandstrasse 133
> >> 8600 Duebendorf
> >> http://www.eawag.ch
> >>
> >>
> >>
> >
>
> --
> Harald von Waldow
> Eawag
> ICT Services
> Ueberlandstrasse 133
> 8600 Duebendorf
> http://www.eawag.ch
>
>
>
>
>
>
> --
>
>
> Natália Oliveira
>
>
>
--
Harald von Waldow
Eawag
ICT Services
Ueberlandstrasse 133
8600 Duebendorf
http://www.eawag.ch
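
One way to confirm that the piped script actually took effect, as an added example that is not part of the original message or of CKAN. It uses the role and database names from the generated script quoted above (ckan_default, datastore_default); the file name is hypothetical.

```sql
-- Added example (not from the thread or from CKAN). Run as a superuser, e.g.
--   sudo -u postgres psql -f check_datastore_perms.sql   (hypothetical file name)
-- Names are the ones in the generated script quoted above:
--   ckan_default      = main database and read-write role
--   datastore_default = datastore database and read-only role
\connect datastore_default

-- 1. Database level. The script intends the read-only role to have no CONNECT
--    on the main database. If main_db_connect is still true after the REVOKE,
--    the privilege comes from the default CONNECT grant to PUBLIC, which a
--    REVOKE from a single role does not remove.
SELECT has_database_privilege('datastore_default', 'ckan_default', 'CONNECT')      AS main_db_connect,
       has_database_privilege('datastore_default', 'datastore_default', 'CONNECT') AS datastore_db_connect;

-- 2. Schema level. The script grants USAGE on public and never grants CREATE.
SELECT has_schema_privilege('datastore_default', 'public', 'USAGE')  AS schema_usage,
       has_schema_privilege('datastore_default', 'public', 'CREATE') AS schema_create;

-- 3. Every table and view in public. The read-only role should be able to
--    SELECT and nothing else. A relation with can_select false (for example
--    _table_metadata) gives a permission-denied error like the one in the web
--    server log whenever CKAN queries it as this role.
SELECT c.relname,
       c.relkind,
       has_table_privilege('datastore_default', c.oid, 'SELECT') AS can_select,
       has_table_privilege('datastore_default', c.oid,
                           'INSERT, UPDATE, DELETE, TRUNCATE')   AS can_write
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'v')
ORDER BY can_select, c.relname;

-- 4. Default privileges for tables that ckan_default creates later. The ACL
--    should give datastore_default only "r" (SELECT).
SELECT pg_get_userbyid(d.defaclrole) AS owner_role,
       n.nspname                     AS schema,
       d.defaclacl                   AS acl
FROM pg_default_acl d
LEFT JOIN pg_namespace n ON n.oid = d.defaclnamespace
WHERE d.defaclobjtype = 'r';
```

If query 3 shows relations the read-only role cannot select from, the output of `set-permissions` was most likely printed to the terminal and never reached psql.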