Permission issues using external schemas and materialized views in Redshift with Zero-ETL

Hello, I am trying to use materialized views in Redshift, where I have a Zero-ETL integration configured from Aurora MySQL to Redshift. Since the destination Redshift database is completely read-only and I cannot create the views there, I have created a second database and have created external schemas in the new database that point to the schemas in the ETL destination database.

I have then created a local schema in the second database, since the external schemas are read only by default, and have defined my materialized view there. I can successfully query against this materialized view joined against external schema tables using my administrative AWS console user.

However, I cannot run the same query as a separate user I created for application access, and I cannot figure out what the correct way to grant permissions is. It seems like there are a bunch of hidden schemas and relations that are created, either as part of the Zero-ETL setup or the external schema setup.

The first issue I get is:

ProgrammingError: {'S': 'ERROR', 'C': 'XX000', 'M': 'Schema internal_padb_del_schema_119214 does not exist in the database.', 'F': '../src/external_catalog/external_catalog_api.cpp', 'L': '1521', 'R': 'localize_external_table'}

This goes away if I explicitly grant USAGE to the group the application user belongs to for this schema in the Zero-ETL destination database (since the hidden schemas are in there):

GRANT USAGE ON SCHEMA internal_padb_del_schema_119214 TO GROUP data_viewers;

After this, I get a new error, ~~which I have not been able to resolve as I don't know where the relation is~~ resolved in comment below:

ProgrammingError: {'S': 'ERROR', 'C': 'XX000', 'M': 'Relation padbdel#119246 does not exist in the database.', 'F': '../src/external_catalog/external_catalog_api.cpp', 'L': '1521', 'R': 'localize_external_table'}

What is the correct way to grant permissions without having to find all of these hidden schemas and grant permissions to them independently?

ViridisChem-Rahul
5 months ago
I have been able to get the query to run by running the generated SQL from this, however, this seems like a poor user workflow.

SELECT DISTINCT 'GRANT USAGE ON SCHEMA ' + schemaname + ' TO GROUP data_viewers; GRANT SELECT ON ALL TABLES IN SCHEMA ' + schemaname + ' TO GROUP data_viewers;' FROM pg_tables WHERE schemaname LIKE 'internal_padb%'

Topics

Migration & Modernization Analytics Database

Relevant content

Error - Materialized view in redshift
Vanishree
asked 12 days ago
Are redshift auto materialized views schema bound?
meyerovb
asked 2 years ago
Redshift Serverless Integration with ZeroETL OR FDW
Accepted Answer
IC
asked 2 months ago
How to List Views (CREATE VIEW) Without Materialized Views in Amazon Redshift?
dashline
asked 7 months ago
How can I allow Amazon Redshift database regular users permission to view data in system tables from other users for my cluster?
AWS OFFICIALUpdated a year ago
How do I create and query an external table in Amazon Redshift Spectrum?
AWS OFFICIALUpdated 2 years ago
How do I resolve the "Underlying table with oid of view does not exist" error that I receive when refreshing Redshift materialized views?
AWS OFFICIALUpdated 9 months ago
Why is my materialized view not refreshing for my Amazon Redshift cluster?
AWS OFFICIALUpdated 2 years ago
How to solve permission denied error when sharing late binding views in Amazon Redshift Datashare?
EXPERT
Satesh_Sonti-Redshift-DataZone
published 10 months ago
How to find base tables used in Amazon Redshift materialized views and vice versa?
EXPERT
Satesh_Sonti-Redshift-DataZone
published 9 months ago