Re: Role blues

Hi Kaare,

On Tue, Jun 7, 2016 at 6:10 AM, Kaare Rasmussen <..hidden..> wrote:

Hi

Still testing 1.5 beta6. I don't know if I'm alone in having the role
blues.

The process you used to create your database as described below is highly non-standard, so, I sure would expect that to be part of your pain. Comments below as to what could be wrong.

First off, I tried to install LedgerSMB into an existing database
with no success (I forgot to register the actual error message).

Ok. Can you add a short description of the use-case to support creating it in an existing database? Maybe we want to support it out of the box, but currently there's a bit of tweaking required to get things working and operational.

Then I
tried to install into a new database, dump it and reload into the one I
want to use.

I managed to add a user, which works also in the new database.

In all cases I use the lsmb_dbadmin user created as per the documentation.

But now I want to add more users. And then I get this error

Error!

ERROR: Access Denied for class
CONTEXT: SQL statement "INSERT INTO entity (name, entity_class, country_id)

It's an error that comes from Roles.sql. There is a step you need to execute when moving a schema from one database to another, which you didn't know about:

INSERT INTO defaults VALUES ('role_prefix', 'lsmb_<name-of-your-old-databas>__');

With this executed, it should work.

values (in_first_name || ' ' || in_last_name, 3, in_country_id)"
PL/pgSQL function
person__save(integer,integer,text,text,text,integer,date,text) line 20
at SQL statement:
SELECT *
FROM "public"."person__save"(?, ?, ?, ?, ?, ?, ?, ?) at
/home/jasonic/perl5/perlbrew/perls/perl-5.20.0/lib/site_perl/5.20.0/PGObject.pm
line 361.

and I have now idea where 'class' is coming from. OK, then I thought
that I had messed up the roles somehow, when I dumped and reloaded the
database. So I wanted to dump the roles from the original database. Just
to see in the browser, and I get this error:

pg_dumpall: query failed: ERROR: permission denied for relation
pg_authid at
/home/jasonic/perl5/perlbrew/perls/perl-5.20.0/lib/site_perl/5.20.0/PGObject/Util/DBAdmin.pm
line 356.

The log says:

ERROR: permission denied for relation pg_authid
STATEMENT: SELECT oid, rolname, rolsuper, rolinherit, rolcreaterole,
rolcreatedb, rolcanlogin, rolconnlimit, rolpassword, rolvaliduntil,
rolreplication, rolbypassrls, pg_catalog.shobj_description(oid,
'pg_authid') as rolcomment, rolname = current_user AS is_current_user
FROM pg_authid ORDER BY 2

Hmm. that seems to be another problem; I'll need to look at that one later. However, you're not likely to encounter this problem when you have the INSERT statement executed as listed above, so I'm going to mark it as non-blocking for now.

But current_user should be lsmb_dbadmin. I can log in as that user and
perform that same query w/o problems.

Before I use a lot of the time I don't have to hunt this down, I thought
I'd discuss it here. Perhaps I'm doing something very simple wrong.

Yea. Good you did, because chances are slim that you would have found out about the role_prefix any time soon.

Regards,

Bye,

Erik.

http://efficito.com -- Hosted accounting and ERP.

Robust and Flexible. No vendor lock-in.