Flex table view grant error

levkisslevkiss Community Edition User
edited October 2020 in General Discussion

Hello
I got a very strange error. The point is that I need to create a flex table as administrator and then use the compute_flextable_keys_and_build_view () function.

This only works well when I do the procedure as an administrator. When I try to do this from the user, I get a SQL Error [3989] [42501]: [Vertica] [VJDBC] (3989) ERROR: Must be owner of relation FLEX_DATA_view.

The problem is that I give all the rights to the schema to the user, but they do not appear in the view.

You can reproduce this error the following way:
dbadmin:
1. CREATE SCHEMA MY_SC DEFAULT INCLUDE SCHEMA PRIVILEGES;
2. create user test identified by 'passwd';
3. GRANT CREATE, SELECT, INSERT, UPDATE, TRUNCATE, DELETE, REFERENCES, USAGE ON SCHEMA MY_SC TO test;
4. create flex table MY_SC.FLEX_DATA();

user test:
1. select compute_flextable_keys_and_build_view('MY_SC.FLEX_DATA');
And here i get error((

How can you solve this?

Tagged:

Answers

  • moshegmosheg Vertica Employee Administrator

    As mentioned in the error message, user test should be the owner for the relation view.
    To create a view under test user ownership, try this:

    cat view_grant.sql
\c - dbadmin
-- You are now connected as user "dbadmin".
DROP SCHEMA MY_SC CASCADE;
-- DROP SCHEMA
DROP USER test01 CASCADE;
-- DROP USER
CREATE SCHEMA MY_SC DEFAULT INCLUDE SCHEMA PRIVILEGES;
-- CREATE SCHEMA
CREATE USER test01;
-- CREATE USER
CREATE FLEX TABLE MY_SC.FLEX_DATA();
-- CREATE TABLE
GRANT ALL ON SCHEMA MY_SC,PUBLIC TO test01;
-- GRANT PRIVILEGE
GRANT ALL PRIVILEGES ON MY_SC.FLEX_DATA TO test01;
-- GRANT PRIVILEGE
copy MY_SC.FLEX_DATA from STDIN parser FDELIMITEDPARSER() delimiter ',' abort on error;
f1,f2,f3,f4,f5
5,6,7,lalala,8
50,60,70,papapa,80
\.

\c - test01
-- You are now connected as user "test01".
SELECT COMPUTE_FLEXTABLE_KEYS('MY_SC.FLEX_DATA');
--               COMPUTE_FLEXTABLE_KEYS
-- --------------------------------------------------
--  Please see MY_SC.FLEX_DATA_keys for updated keys
-- (1 row)

SELECT BUILD_FLEXTABLE_VIEW('MY_SC.FLEX_DATA','MY_SC.my_view','MY_SC.FLEX_DATA_keys');
--             BUILD_FLEXTABLE_VIEW
-- ----------------------------------------------
--  The view MY_SC.my_view is ready for querying
-- (1 row)

SELECT * FROM MY_SC.my_view;
--  f1 | f2 | f3 |   f4   | f5
-- ----+----+----+--------+----
--   5 |  6 |  7 | lalala |  8
--  50 | 60 | 70 | papapa | 80
-- (2 rows)
  • SergeBSergeB - Select Field - Employee

    What version of Vertica are you using in your test?
    Could you also check the following after creating your flex table:
    select name, inheritPrivileges from vs_tables where name like 'flex_data%' order by name;
    and
    select table_name, inherit_privileges from views where table_name like 'flex_data%' order by table_name;

  • levkisslevkiss Community Edition User
    edited October 2020

    Thanks for your immediate answer!
    I'm using vertica container for docker. The version of vertica is 10.0.1-0.

    When i perform this query:
    select name, inheritPrivileges from vs_tables where name like 'flex_data%' order by name;
    and
    select table_name, inherit_privileges from views where table_name like 'flex_data%' order by table_name;
    I get a table consisting of 2 rows FLEX_DATA and 2 rows FLEX_DATA_KEYS, but not FLEX_DATA_VIEW.

    This query from below works well, but i need to create a view named 'MY_SC.FLEX_DATA_view' instead of 'MY_SC.my_view' :(
    SELECT BUILD_FLEXTABLE_VIEW('MY_SC.FLEX_DATA','MY_SC.my_view','MY_SC.FLEX_DATA_keys');

    I need to create a table FLEX_DATA as a superuser and then alow some other users perform the following query without getting ERROR:
    select compute_flextable_keys_and_build_view('MY_SCFLEX_DATA');

    Why my flex table's view 'MY_SC.my_view' (which is created automatically when the FLEX_DATA table is created) doesn't inherit MY_SC grants like other tables? I dont even see this view when i enter as test user.

  • moshegmosheg Vertica Employee Administrator

    Since only the owner of FLEX_DATA_view can run the BUILD_FLEXTABLE_VIEW,
    If dbadmin will do it first as shown below, given that other users have the right GRANTs, they will be able to use that view later on.

    \c - dbadmin
-- You are now connected as user "dbadmin".
CREATE SCHEMA MY_SC DEFAULT INCLUDE SCHEMA PRIVILEGES;
CREATE USER user01;
CREATE FLEX TABLE MY_SC.FLEX_DATA();

GRANT ALL ON SCHEMA MY_SC,PUBLIC TO user01;
GRANT ALL PRIVILEGES ON MY_SC.FLEX_DATA TO user01;
GRANT ALL PRIVILEGES ON MY_SC.FLEX_DATA_view TO user01;

COPY MY_SC.FLEX_DATA from STDIN parser FDELIMITEDPARSER() delimiter ',' abort on error;
f1,f2
1,dbadmin data
\.

SELECT COMPUTE_FLEXTABLE_KEYS('MY_SC.FLEX_DATA');
SELECT BUILD_FLEXTABLE_VIEW('MY_SC.FLEX_DATA');

\c - user01
-- You are now connected as user "user01".
COPY MY_SC.FLEX_DATA from STDIN parser FDELIMITEDPARSER() delimiter ',' abort on error;
f1,f2
2,user01 data
\.

SELECT * FROM MY_SC.FLEX_DATA_view;
  f1 |      f2
 ----+--------------
   1 | dbadmin data
   2 | user01 data
 (2 rows)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Format
SpoilerCodeQuote
Heading 2Heading 1
Emoji
:):D:(;):/:o:s:p:'(:|B):#:*<3o:)>:)
Url
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file
Home General DiscussionComment As ...