Extended protocol SELECT fails with 'permission denied for table pg_type' #2317
Description
Description
SELECT queries with bind parameters via the extended query protocol fail with:
permission denied for table pg_type (errno 1105) (sqlstate HY000)
This appears to happen because the extended protocol's Describe/Parse step needs to resolve parameter types via pg_type, and DoltgreSQL denies access to it for non-superuser connections.
Simple protocol SELECT (via raw_sql()) and SELECTs on the superuser (postgres) connection work fine.
Reproduction
// Connect as a non-superuser:
let pool = PgPoolOptions::new()
.connect("postgres://myuser:mypass@localhost:5433/mydb")
.await?;
// This fails:
let user = sqlx::query_as::<_, User>("SELECT * FROM users WHERE google_id = $1")
.bind("some-google-id")
.fetch_optional(&pool)
.await?;
// Error: permission denied for table pg_type (errno 1105)
// But this works (simple protocol, no bind parameters):
let sql = "SELECT * FROM users WHERE google_id = 'some-google-id'";
let user = pool.fetch_optional(sqlx::raw_sql(sql)).await?;The error occurs on the very first extended protocol query. It is not specific to any table — any SELECT with $1 bind parameters triggers it.
Context
This may be related to #1465 (SQLAlchemy pg_type access issues) and #442 (pg_catalog table name resolution). The fix for #1465 may have resolved the OID resolution but not the permission check for non-superuser connections.
Workaround
We converted all SELECT queries to use the simple query protocol via sqlx::raw_sql(), avoiding bind parameters entirely.
Alternatively, connecting as the postgres superuser avoids the permission error, but that's not suitable for production.
Environment
- DoltgreSQL:
dolthub/doltgresql:latest(Docker), version 0.55.0 - Client: SQLx 0.8 (Rust) via extended query protocol
- Non-superuser database connection