Hi all, I'm noticing that the default reader account for cspace can't access any schema extension generated tables. The error returned is "ERROR: permission denied for relation foo_bar" Should privileges be updated for the reader account upon every db table generation? Could the reader account be created so that default privs get automatically granted on all new table creation? Something like this: http://www.postgresql.org/docs/9.0/static/sql-alterdefaultprivileges.html - Jesse

Yes, this is one issue with postgres. I thought we had a script to do this - will look into it. Probably a step in create_db that we can pull out (and maybe even do automatically). Patrick -- Sent from my Droid. Please excuse her manners. Jesse Martinez <jmartinez@movingimage.us> wrote: Hi all, I'm noticing that the default reader account for cspace can't access any schema extension generated tables. The error returned is "ERROR: permission denied for relation foo_bar" Should privileges be updated for the reader account upon every db table generation? Could the reader account be created so that default privs get automatically granted on all new table creation? Something like this: http://www.postgresql.org/docs/9.0/static/sql-alterdefaultprivileges.html - Jesse _____________________________________________ Talk mailing list Talk@lists.collectionspace.org http://lists.collectionspace.org/mailman/listinfo/talk_lists.collectionspace.org

Hi Jesse - If you (re-)run the following SQL command you can fix this. Would you also file a JIRA that this should be done automatically? We do have logic in there that handles this, but in trying to be clever, we only run it if we think we have not run it before. As a result, if you add tables after we have first-time-initialized collectionspace, it will not run this again and so does not grant access to newly added tables (e.g., extension schemas). In response to the JIRA you file, we will remove the "clever" bit and it should handle this automatically in future. Please add this comment to the JIRA (am asking you to file, so you can test a fix - thanks): "In ReportPostInitHandler.onRepositoryInitialized, comment out lines 86 to 94." Here's the SQL to fix your current situation: GRANT SELECT ON ALL TABLES IN SCHEMA public TO {readerRoleName} Where you should replace {readerRoleName} with the name of the reader role for your tenant. HTH - Patrick > -----Original Message----- > From: talk-bounces@lists.collectionspace.org > [mailto:talk-bounces@lists.collectionspace.org] On Behalf Of > Jesse Martinez > Sent: Thursday, January 26, 2012 12:59 PM > To: CollectionSpace Talk List; CollectionSpace Work list > Subject: [Talk] Postgresql and reader account privs > > Hi all, > > I'm noticing that the default reader account for cspace can't > access any schema extension generated tables. The error > returned is "ERROR: > permission denied for relation foo_bar" Should privileges be updated > for the reader account upon every db table generation? Could > the reader account be created so that default privs get > automatically granted on all new table creation? Something like this: > http://www.postgresql.org/docs/9.0/static/sql-alterdefaultpriv ileges.html > > - Jesse > > _______________________________________________ > Talk mailing list > Talk@lists.collectionspace.org > http://lists.collectionspace.org/mailman/listinfo/talk_lists.c > ollectionspace.org >