How to diagnose and fix the 38004 reading_sql_data_not_permitted error code in Postgres.

The 38004 reading_sql_data_not_permitted error in PostgreSQL is part of the SQL/PSM (Persistent Stored Modules) standard, which pertains to SQL-invoked routines. This error occurs when an attempt is made to read SQL data from a context where it is not permitted, such as within a function that is defined to be SECURITY DEFINER and has a READS SQL DATA or CONTAINS SQL characteristic.

Here are some scenarios that might lead to this error, along with examples and sample code to help diagnose and fix the issue:

1. SECURITY DEFINER Function Trying to Read Data

A SECURITY DEFINER function executes with the privileges of the user who defined it, rather than the user who invokes it. If this function is not explicitly allowed to read SQL data, trying to perform a SELECT operation inside it can raise the 38004 error.

Example:

CREATE FUNCTION sensitive_data_reader()
RETURNS void LANGUAGE plpgsql SECURITY DEFINER AS $$
BEGIN
  -- Attempt to read data in a SECURITY DEFINER function
  PERFORM * FROM sensitive_table;
END;
$$;

Fix:
Ensure that the function is created with the appropriate rights to read SQL data, or avoid reading SQL data within a SECURITY DEFINER function that is not permitted to do so.

2. Violating the Function’s Volatility Category

PostgreSQL functions can be declared with a certain volatility category (IMMUTABLE, STABLE, or VOLATILE). If a function marked as IMMUTABLE or STABLE tries to read SQL data when it is not supposed to, it can lead to this error.

Example:

CREATE FUNCTION stable_data_reader()
RETURNS void LANGUAGE plpgsql STABLE AS $$
BEGIN
  -- Attempt to read data in a STABLE function where it's not allowed
  PERFORM * FROM regular_table;
END;
$$;

Fix:
Adjust the volatility category of the function to VOLATILE if it needs to read SQL data, or ensure that the function complies with its declared category.

Diagnosing the Issue

To diagnose the 38004 reading_sql_data_not_permitted error, consider the following steps:

  • Check the function definition to see if it is created with SECURITY DEFINER and if it has the appropriate permissions to read SQL data.
  • Verify the function’s volatility category and ensure that it aligns with the operations being performed within the function.
  • Review the SQL/PSM standard for the specific restrictions on SQL-invoked routines and ensure that the function complies with these restrictions.
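
The first two checks can be run directly against the system catalogs. The queries below are an added example, not part of the original page; they reuse the function and table names from the first example above and assume both are visible on the current search_path.

```sql
-- Added example: inspect the attributes named in the checklist for one function.
-- 'sensitive_data_reader' and 'sensitive_table' are the names from the
-- page's first example; substitute your own.
SELECT p.oid::regprocedure          AS function_signature,
       pg_get_userbyid(p.proowner)  AS owner,
       p.prosecdef                  AS security_definer,   -- true = runs as owner
       CASE p.provolatile
            WHEN 'i' THEN 'IMMUTABLE'
            WHEN 's' THEN 'STABLE'
            WHEN 'v' THEN 'VOLATILE'
       END                          AS volatility,
       p.proconfig                  AS function_settings,  -- per-function SET options, NULL if none
       -- Can the role the function runs as (its owner) read the table?
       has_table_privilege(p.proowner, 'sensitive_table'::text, 'SELECT')
                                    AS owner_can_select
FROM   pg_proc p
JOIN   pg_namespace n ON n.oid = p.pronamespace
WHERE  p.proname = 'sensitive_data_reader'
  AND  n.nspname NOT IN ('pg_catalog', 'information_schema');

-- Full definition as stored, including SECURITY DEFINER and volatility keywords.
SELECT pg_get_functiondef('sensitive_data_reader()'::regprocedure);

-- Which roles are allowed to invoke it (NULL proacl means default privileges).
SELECT p.oid::regprocedure AS function_signature,
       p.proacl            AS execute_acl
FROM   pg_proc p
WHERE  p.proname = 'sensitive_data_reader';
```

For a SECURITY DEFINER function, compare owner_can_select with what the function body reads, and review execute_acl to see who can call it with the owner's privileges.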

By carefully examining the function’s definition and the context in which it operates, you can identify the cause of the 38004 reading_sql_data_not_permitted error and apply the necessary changes to fix it. It’s important to align the function’s permissions and characteristics with the intended behavior to prevent such errors.
