Login/Register
Postgres 15. permission denied for schema public
Asked Answered
Solved sqlpostgresqldebianpostgresql-15
S

3

53

Can't create tables in public schema as non-superuser

postgres - super user.

What I've done:

ALTER SCHEMA public owner to postgres;  

CREATE USER admin WITH PASSWORD 'my-password';   

GRANT USAGE, CREATE ON SCHEMA public TO postgres;   
GRANT USAGE, CREATE ON SCHEMA public TO admin;    

CREATE DATABASE mydb;    
GRANT ALL ON DATABASE mydb TO admin;

privileges:

postgres=# \dn+
                          List of schemas
  Name  |  Owner   |  Access privileges   |      Description       
--------+----------+----------------------+------------------------
 public | postgres | postgres=UC/postgres+| standard public schema
        |          | =UC/postgres        +| 
        |          | admin=UC/postgres    | 
(1 row)

what I got:

enter image description here

How to create tables in public schema?

Salba answered 18/10, 2022 at 12:6 Comment(2)
postgresql.org/about/news/postgresql-15-released-2526 PostgreSQL 15 also revokes the CREATE permission from all users except a database owner from the public (or default) schemaGride
"postgres" owner database. "postgres" owner schema "public". \dn+ shows that the admin has full access to the schema, but that doesn't work for me.Salba
A
127

The first comment nailed the most likely reason this is happening. Quoting the release announcement:

PostgreSQL 15 also revokes the CREATE permission from all users except a database owner from the public (or default) schema.

The reason your fix didn't work is that all actions you took on database postgres in regards to user admin's privileges on schema public concern only that schema within the database postgres. Schema public on database postgres is not the same schema public as the one on newly created mydb.

Also, this:

GRANT ALL ON DATABASE mydb TO admin;

grants privileges on the database itself, not things within the database. admin can now drop the database, for example, still without being able to create tables in schema public. My guess is that you wanted to make admin also the owner of mydb, in which case you need to add

ALTER DATABASE mydb OWNER TO admin;

Or you need to repeat your GRANT USAGE, CREATE ON SCHEMA public TO admin; on mydb.

Here's some more documentation on secure schema usage patterns the PostgreSQL 15 change was based on.

Alvarado answered 18/10, 2022 at 13:14 Comment(5)
Thank you! I understand that public is different. How can i execute the command: GRANT USAGE, CREATE ON SCHEMA public TO admin; For the public schema on "mydb"? Sorry if my question is stupid) ALTER DATABASE mydb OWNER TO admin; This work, but not what I was looking for)Salba
Depending on what db client/IDE you are in, you might need to create a new connection. However you connected to database postgres at the moment, you should do the same again and just replace the database name in connection settings to mydb. Once you're in, you can make sure by issuing select current_database(), current_user;Alvarado
Thank you very much. It works! postgres=# \c myDB and myDB=# GRANT USAGE, CREATE ON SCHEMA public TO admin;Salba
Special thanks, I was stuck for two days on this issue, the keycloak was not able to access to the public schema.Mycosis
You also may need GRANT ALL PRIVILEGES ON TABLESPACE tsname TO username;Hyperostosis
T
1

You have created the DB after having granted the privileges on the public schema. Chances are your admin user is using the new DB, which only have the default priviledges

Troop answered 18/10, 2022 at 13:12 Comment(0)
S
0

For me the soln was changing the directory to createdDB.

//script.sql

\c postgres; // adding this line was the fix
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
CREATE USER test PASSWORD 'test' NOSUPERUSER CREATEDB CREATEROLE INHERIT;
GRANT CONNECT ON DATABASE postgres TO test;
GRANT USAGE ON SCHEMA public TO test;
GRANT CREATE ON SCHEMA public TO test;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO test;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO test;

SELECT pg_catalog.has_schema_privilege('test', 'public', 'USAGE') AS has_usage,pg_catalog.has_schema_privilege('test', 'public', 'CREATE') AS has_create;`
Svend answered 16/4, 2024 at 13:34 Comment(0)

© 2022 - 2025 — McMap. All rights reserved.