When you perform data analytics operations on a Hologres instance, an error may occur if you are not granted the required development permissions. This topic provides answers to commonly asked questions about the development permissions on Hologres instances.
FAQ
- How do I select an appropriate Hologres permission model?
- Why is the error message "role "RAM$xxx" doesn't not exsit" returned when I perform data analytics operations on a Hologres instance?
- Why is the error message "Cloud authentication failed for access id "xxxx"" returned when I connect to an instance by using a development tool?
- Why is the error message "permission denied for table xxxx" returned when I query a table?
- Why is the error message "permission denied for database"xxx"" returned when I perform data analytics operations on a Hologres instance?
- Why is the error message "must be the owner of table xxxx" returned when I manage a table?
How do I select an appropriate Hologres permission model?
- The standard PostgreSQL authorization model is a native PostgreSQL permission model. If you are familiar with PostgreSQL and relevant permission management, you can grant permissions to users by using this model with ease. If you need to manage permissions on tables and have sufficient time and energy, you can grant each user the permissions to manage tables and revoke the permissions by using this model.
- The SPM is a database-level simple permission model. In this model, all users who need to use a database are added to a specific user group. Each user group are granted specific access permissions on all objects in a schema. You may rarely perform data development based on schemas or only use schemas to classify table objects just like directories without the need to isolate permissions based on the schemas. In this case, we recommend that you use the SPM.
- In the SLPM, each schema includes a developer group, a writer group, and a viewer group. If you need to perform the schema-level user isolation and permission isolation for tables, we recommend that you use the SLPM.
Why is the error message "role "RAM$xxx" doesn't not exsit" returned when I perform data analytics operations on a Hologres instance?
- Problem description
After I connected to an instance by using a development tool, I could not perform data analytics operations such as query data in the instance. The following error message is returned: role "RAM$xxx" doesn't not exsit.
- Cause
The current RAM user is not added to the instance.
- Solution
You can grant the current RAM user relevant permissions on the instance based on your business needs. For example, you can assign the superuser role to the RAM user. For more information about authorization, see Grant the development permissions on a Hologres instance to RAM users.
Why is the error message "Cloud authentication failed for access id "xxxx"" returned when I connect to an instance by using a development tool?
- Problem description
When I connected to an instance by using a development tool, an error occurred. The following error message is returned: Cloud authentication failed for access id "xxxx".
- Cause
The password of the current RAM user is invalid.
- Solution
You must check the password of the current RAM user to ensure that the password is an AccessKey pair and does not contain spaces. For more information about the AccessKey pair, see Create an Alibaba Cloud account.
Why is the error message "permission denied for table xxxx" returned when I query a table?
- Problem description
When I performed data analytics operations such as query data in an instance, an error occurred. The following error message is returned: Execution failed: ERROR: permission denied for table xxxx.
- Cause
The current RAM user does not have permissions to view specific tables.
- Solution
You can select solutions based on different authorization models.
- Standard PostgreSQL authorization model: Execute the following statement to grant permissions to a RAM user. In the statement,
p4_UID specifies the account information of the RAM user. For more information about
the standard PostgreSQL authorization model, see Grant permissions by using the standard PostgreSQL authorization model.
grant select on table tablename to "p4_UID";
- SPM: Add the current RAM user to a viewer group or another user group. For more information, see Use the SPM.
- Standard PostgreSQL authorization model: Execute the following statement to grant permissions to a RAM user. In the statement,
p4_UID specifies the account information of the RAM user. For more information about
the standard PostgreSQL authorization model, see Grant permissions by using the standard PostgreSQL authorization model.
Why is the error message "permission denied for database"xxx"" returned when I perform data analytics operations on a Hologres instance?
- Problem description
After I connected to an instance by using a development tool, I could not perform data analytics operations such as query data in the instance. The following error message is returned: FATAL:permission denied for database"xxx" detail: user does not have CONNECT privilege.
- Cause
The current RAM user is only added to the instance but is not granted the development permissions on the instance.
- Solution
You can grant the current RAM user relevant permissions on the instance based on your business needs. For example, you can assign the superuser role to the RAM user. For more information about authorization, see Grant the development permissions on a Hologres instance to RAM users.
Why is the error message "must be the owner of table xxxx" returned when I manage a table?
- Problem description
When I performed data analytics operations on an instance, an error occurred. The following error message is returned: must be the owner of table xxxx.
- Cause
The current RAM user is not the owner of the table and is not allowed to create a child partitioned table or delete the table.
- Solution
You can select solutions based on different authorization models.
- Standard PostgreSQL authorization model: Execute the following statement to grant owner permissions of the table to the current
RAM user. In the statement, p4_UID specifies the account information of the RAM user.
For more information about the standard PostgreSQL authorization model, see Grant permissions by using the standard PostgreSQL authorization model.
alter table tablename owner to "p4_UID";
- SPM: Add the current RAM user to a developer group or another user group. For more information, see Use the SPM.
- Standard PostgreSQL authorization model: Execute the following statement to grant owner permissions of the table to the current
RAM user. In the statement, p4_UID specifies the account information of the RAM user.
For more information about the standard PostgreSQL authorization model, see Grant permissions by using the standard PostgreSQL authorization model.