The 38004 reading_sql_data_not_permitted
error in PostgreSQL is part of the SQL/PSM (Persistent Stored Modules) standard, which pertains to the SQL-invoked routines. This error occurs when an attempt is made to read SQL data from a context where it is not permitted, such as within a function that is defined to be SECURITY DEFINER
and has a READS SQL DATA
or CONTAINS SQL
characteristic.
Here are some scenarios that might lead to this error, along with examples and sample code to help diagnose and fix the issue:
1. SECURITY DEFINER Function Trying to Read Data
A SECURITY DEFINER
function executes with the privileges of the user who defined it, rather than the user who invokes it. If this function is not explicitly allowed to read SQL data, trying to perform a SELECT operation inside it can raise the 38004
error.
Example:
CREATE FUNCTION sensitive_data_reader()
RETURNS void LANGUAGE plpgsql SECURITY DEFINER AS $$
BEGIN
-- Attempt to read data in a SECURITY DEFINER function
PERFORM * FROM sensitive_table;
END;
$$;
Fix:
Ensure that the function is created with the appropriate rights to read SQL data, or avoid reading SQL data within a SECURITY DEFINER
function that is not permitted to do so.
2. Violating the Function’s Volatility Category
PostgreSQL functions can be declared with a certain volatility category (IMMUTABLE
, STABLE
, or VOLATILE
). If a function marked as IMMUTABLE
or STABLE
tries to read SQL data when it is not supposed to, it can lead to this error.
Example:
CREATE FUNCTION stable_data_reader()
RETURNS void LANGUAGE plpgsql STABLE AS $$
BEGIN
-- Attempt to read data in a STABLE function where it's not allowed
PERFORM * FROM regular_table;
END;
$$;
Fix:
Adjust the volatility category of the function to VOLATILE
if it needs to read SQL data, or ensure that the function complies with its declared category.
Diagnosing the Issue
To diagnose the 38004 reading_sql_data_not_permitted
error, consider the following steps:
- Check the function definition to see if it is created with
SECURITY DEFINER
and if it has the appropriate permissions to read SQL data. - Verify the function’s volatility category and ensure that it aligns with the operations being performed within the function.
- Review the SQL/PSM standard for the specific restrictions on SQL-invoked routines and ensure that the function complies with these restrictions.
By carefully examining the function’s definition and the context in which it operates, you can identify the cause of the 38004 reading_sql_data_not_permitted
error and apply the necessary changes to fix it. It’s important to align the function’s permissions and characteristics with the intended behavior to prevent such errors.