Bug 1418602

Suyog,

BZ#1334742 is unrelated to this bug. My question was if a user executes query
~~~
SELECT 'GRANT SELECT ON ' || relname || ' TO cfme;' FROM pg_class JOIN pg_namespace ON pg_namespace.oid = pg_class.relnamespace WHERE nspname = 'public' AND relkind IN ('r', 'v', 'S');
~~~

which according to documentation enables read-only access to user 'cfme'. When I executed the query, it replied with "0 records found". What I doubt is the command did not worked. If the command worked(cfme was granted r/o access) it should have replied with something like "1 record was modified". Does it makes sense? My assumption may be wrong.


--
Sachin

The SQL command above and in the documentation (CloudForms 4.2 and prior) only outputs a series of subsequent SQL commands that would need to be executed to actually grant access for cfme user to the ovirt_engine_history DB tables.  This method may be for older versions of postgresql.  In my environment (CFME 5.7.2.1 and RHVM 4.1.1) the following commands gave read (SELECT) access to cfme user and metrics began to appear shortly after:

[root@vrhvm-demolab ~]# su - postgres
Last login: Fri May 19 14:35:50 EDT 2017 on pts/0
-bash-4.2$ psql -d ovirt_engine_history -c "grant usage on schema public to cfme;"
GRANT
-bash-4.2$ psql -d ovirt_engine_history -c "grant select on all tables in schema public to cfme;"
GRANT

This worked on two separate RHVM providers reporting to a single CFME.

Same result as in RHV-M 4.1 documentation (that I just found): 
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html/data_warehouse_guide/allowing_read_only_access_to_the_history_database

This is simple the PL\SQL reply for the scripts.
It gives no printed output. This doesn't mean it won't work.
It does the job.

I agree. But it did not altered any records("0 record found") which I assumed made no changes in the DB.

We have verified #comment 5 in our rhevm environment and it works as expected. 

but confusion here is the SQL query altered the DB?

SELECT 'GRANT SELECT ON ' || relname || ' TO cfme;' FROM pg_class JOIN pg_namespace ON pg_namespace.oid = pg_class.relnamespace WHERE nspname = 'public' AND relkind IN ('r', 'v', 'S');

As Deepak verified command in comment#5 worked. My question being the SQL query

~~~
 SELECT 'GRANT SELECT ON ' || relname || ' TO cfme;' FROM pg_class JOIN pg_namespace ON pg_namespace.oid = pg_class.relnamespace WHERE nspname = 'public' AND relkind IN ('r', 'v', 'S');
~~~

is expected to give o/p as "0 records found"? in that case I guess above query did not actually grant r/o permissions.

The output of...

ovirt_engine_history=# SELECT 'GRANT SELECT ON ' || relname || ' TO cfme;' FROM pg_class JOIN pg_namespace ON pg_namespace.oid = pg_class.relnamespace WHERE nspname = 'public' AND relkind IN ('r', 'v', 'S');

...produces SQL statements that need to be run as a script.  It does not in fact GRANT access to the cfme user. Additional steps are required to grant access.

I suggest that the CloudForms Deployment Planning Guide documentation be aligned to and reference the RHV documentation, specifically section 2.6 of the RHV Data Warehouse Guide:

https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html-single/data_warehouse_guide/#Allowing_Read_Only_Access_to_the_History_Database

Linking to BZ#1606935, which requests changes to the same section.