Error Binding to POSTGRES Service, "Service broker error: pq: invalid privilege type SELECT for database"


Article ID: 297835


Products

VMware Tanzu Application Service for VMs

Issue/Introduction

Symptoms:

After upgrading to version 1.1.0, some users may get this error when trying to bind an app to a PostgreSQL database created by the AWS service broker:

Server error, status code: 502, error code: 10001, message: Service broker error: pq: invalid privilege type SELECT for database

 

 

Environment


Cause

Configurable database permissions were added in AWS broker version 1.1.0 via the AWS service broker tile. Whatever permissions are set in this field are applied to the user for newly created databases.

For example, assume the broker creates a new database called "newdb" and a new user called "user1". Given the permissions in the above screenshot, the AWS broker would apply those permissions as follows and get the error observed during the bind operation. This is because PostgreSQL does not support granting the SELECT privilege on a database to a user; SELECT can only be granted with more specific options.

postgres=# GRANT SELECT,CREATE,TEMP,CONNECT ON DATABASE newdb TO user1;
ERROR:  invalid privilege type SELECT for database

 

 

Resolution

AWS broker version 1.3.0 now sets the default permissions to "CREATE, TEMP, CONNECT." These are the recommended permissions that should be set. Either update your AWS service broker tile and apply the default settings from 1.3.0, or simply remove the "SELECT" privilege from your existing configuration, located in AWS Service Broker Tile -> Settings -> RDS Config -> PostgreSQL Plans -> User Privileges.
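
The statements below are an added example, not part of the original article or the broker's own code. They show the corrected database-level grant next to the object-level grants where SELECT is valid, using the article's "newdb" and "user1"; the schema name `public` and the need for read access to existing tables are assumptions.

```sql
-- Rejected: SELECT is not a privilege that exists for DATABASE objects.
-- GRANT SELECT, CREATE, TEMP, CONNECT ON DATABASE newdb TO user1;
-- ERROR:  invalid privilege type SELECT for database

-- Accepted: the 1.3.0 defaults are all database-level privileges.
GRANT CREATE, TEMP, CONNECT ON DATABASE newdb TO user1;

-- Confirm what the bound user actually holds on the database.
SELECT has_database_privilege('user1', 'newdb', 'CREATE')  AS can_create,
       has_database_privilege('user1', 'newdb', 'TEMP')    AS can_temp,
       has_database_privilege('user1', 'newdb', 'CONNECT') AS can_connect;

-- If read access to existing tables is what SELECT was meant to provide,
-- grant it on the objects themselves. Run these while connected to newdb.
-- Assumption: the tables live in the "public" schema.
GRANT USAGE ON SCHEMA public TO user1;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO user1;

-- Cover tables created later. Without a FOR ROLE clause this only affects
-- objects created by the role that runs the statement.
ALTER DEFAULT PRIVILEGES IN SCHEMA public
    GRANT SELECT ON TABLES TO user1;
```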