The Amazon Redshift documentation for stl_load_errors states that "This table is visible to all users." However, I get different results when querying as a superuser (936 rows) vs a non-superuser (0 rows). Why does the query run as the non-superuser return 0 rows?
Here are the queries I ran.
Superuser:
$ psql -U masteruser -h XX.XX.XX.XX -p 5439 bi -w -c "select count(*) from stl_load_errors"
 count 
-------
   936
(1 row)
Non-superuser:
$ psql -U emonsen -h XX.XX.XX.XX -p 5439 bi -w -c "select count(*) from stl_load_errors"
 count 
-------
     0
(1 row)
Furthermore I can use HAS_TABLE_PRIVILEGE to show that Redshift thinks "emonsen" has the correct privileges on stl_load_errors:
$ psql -U masteruser -h XX.XX.XX.XX -p 5439 bi -w -c "select has_table_privilege('emonsen', 'stl_load_errors', 'select')"
 has_table_privilege 
---------------------
 t
(1 row)
Amazon Redshift doesn't support tables with column-level privileges for cross-database queries. Amazon Redshift doesn't support concurrency scaling for the queries that read data from other databases. Amazon Redshift doesn't support query catalog objects on AWS Glue or federated databases.
Superusers retain all permissions regardless of GRANT and REVOKE commands. To create a new database superuser, log on to the database as a superuser and issue a CREATE USER command or an ALTER USER command with the CREATEUSER permission.
Access to the database is the ability to control a database's objects like tables and views. You must be a superuser to create an Amazon Redshift user. The Master User is a superuser. A database superuser bypasses all permission checks. Therefore, be very careful when using a superuser role.
STL_LOAD_ERRORS contains a history of all Amazon Redshift load errors.
the solution here is to be granted with the SYSLOG ACCESS permissions. Here is the documentation: AWS - Visibility of Data in System Tables and Views
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With