K
Q

SequelizeDatabaseError: permission denied for relation notice_opened_tbl

2/29/2020

I created a new table in Postgres, and I am having issues accessing it with Sequelize. I have already GRANTED all permissions to the table theoretically, and I can use the same account to access the table via my DB GUI.

Is there some additional permission needed for this relationship?

Executing (default): SELECT date_trunc('day', "created_at"), COUNT("id") AS "COUNT" FROM "notice_opened_tbl" AS "notice_opened_tbl" WHERE "notice_opened_tbl"."merchant_id" = 40 GROUP BY date_trunc('day', "created_at") ORDER BY date_trunc('day', "created_at") ASC;
(node:45) UnhandledPromiseRejectionWarning: SequelizeDatabaseError: permission denied for relation notice_opened_tbl

EDIT: Current permissions - as you can see, they look correct. The user I am trying to connect with right now is postgresadmin (will be changed before production)

permissions

EDIT: I don't think it is related to the permissions - I've tried virtually everything related to them, and the query worked when I connected to the database from my local machine, but not from dev. The issue is only with this one newly created table though.

Also, this is on AWS if it helps anyone

Here is my dev setup - all queries BUT the query involving the new table works from here:

const sequelize = new Sequelize(
    process.env.DATABASE_NAME || "DATABASENAMEHERE",
    process.env.DATABASE_USERNAME || "postgresadmin",
    process.env.DATABASE_PASSWORD || "PASSWORDHERE",
    {
        host: process.env.DATABASE_HOST || "postgres",
        dialect: "postgres",
        port: process.env.DATABASE_PORT || 5432,
        pool: {
            max: 10,
            min: 0,
            acquire: 30000,
            idle: 10000,
        },
        define: {
            timestamps: false,
        },
    });

Here is my local setup, which works from my local machine - the query works from here:

const sequelize = new Sequelize(
    process.env.DATABASE_NAME || "DATABASEHERE",
    process.env.DATABASE_USERNAME || "postgresadmin",
    process.env.DATABASE_PASSWORD || "PASSWORDHERE",
    {
        host: process.env.DATABASE_HOST || "localhost",
        dialect: "postgres",
        port: process.env.DATABASE_PORT || 5465,
        pool: {
            max: 10,
            min: 0,
            acquire: 30000,
            idle: 10000,
        },
        define: {
            timestamps: false,
        },
    });

In dev, the host is postgres because that's the Kubernetes service associated with the database connection

Here's the code for the query (it is not cleaned up yet):

let merchantId = parseInt(req.param("merchantId"), 10);
let noticeWhere = {
       merchant_id: merchantId,
    };
    if (req.query.startdate && req.query.enddate) {
        // @ts-ignore
        noticeWhere.created_at = {
            [Op.between]: [req.query.startdate, req.query.enddate]
        };

    }

    let noticesOpened = NoticeOpened.aggregate(
        "id",
        "COUNT", {
            plain: false,
            where: noticeWhere,
            group: [sequelize.fn("date_trunc", "day", sequelize.col("created_at"))],
            order: [
                [sequelize.fn("date_trunc", "day", sequelize.col("created_at")), "ASC"]
            ],
        });
    return noticesOpened;

YAML output for the postgres Kubernetes service:

apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"creationTimestamp":"2019-07-21T02:44:44Z","name":"postgres","namespace":"default","resourceVersion":"169556","selfLink":"/api/v1/namespaces/default/services/postgres","uid":"7ef0a60f-ab61-11e9-8d66-06505b5dee68"},"spec":{"externalName":"URLHERE","ports":[{"port":5432,"protocol":"TCP","targetPort":5432}],"sessionAffinity":"None","type":"ExternalName"},"status":{"loadBalancer":{}}}
  creationTimestamp: 2019-11-23T00:07:00Z
  name: postgres
  namespace: default
  resourceVersion: "14358655"
  selfLink: /api/v1/namespaces/default/services/postgres
  uid: 2c1a58a4-0d85-11ea-a8cb-02dead532c7a
spec:
  externalName: URLHERE
  ports:
  - port: 5432
    protocol: TCP
    targetPort: 5432
  sessionAffinity: None
  type: ExternalName
status:
  loadBalancer: {}
-- Cecil Rodriguez
kubernetes
node.js
postgresql
sequelize.js

Similar Questions

kubernetes service, Can the same Nodeport value (ie 30150) be used on 3 different Nodes?
how to keep kubernetes pod's status the same or recover automatic
unexpected behavior using zip-stream NPM on Google k8s
Kubernetes rolling update by only changing env variables

2 Answers

3/3/2020

The permission denied for relation error is a general PostgreSQL error meaning that the user that's connected to the database doesn't have access to write or read a specific table.

DEFAULT PRIVILEGES do not change permissions for existing objects.They are the default privileges for newly created objects and only for the particular role they belong to. If you do not define the role when running ALTER DEFAULT PRIVILEGES, it defaults to the current role (when executing the ALTER DEFAULT PRIVILEGES statement.

Common causes of this error are as follows:

  • If you have created a new credential for your database, you'll need to configure the appropriate permissions for this credential well.

  • Row limits also may be the reason for this error.

GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO someuser;

you can simply move that GRANT ALL.. query all the way down to the bottom (the point where you created all the necessary table for your database). You can check the link

-- Deep Kakkar
Source: StackOverflow
3/3/2020

Try running the following:

SCHEMANAME fill in

GRANT USAGE ON SCHEMA SCHEMANAME TO postgresadmin;

GRANT SELECT, INSERT, UPDATE, DELETE ON notice_opened_tbl IN SCHEMA SCHEMANAME TO postgresadmin;

GRANT SELECT, UPDATE, USAGE ON ALL SEQUENCES IN SCHEMA SCHEMANAME to postgresadmin

GRANT ALL PRIVILEGES ON TABLE notice_opened_tbl TO postgresadmin;
-- Matt
Source: StackOverflow