Diagnostic Queries
Symptoms
A role tried to read or advance a sequence (often implicitly via a serial/bigserial column or nextval()) without USAGE or UPDATE on that sequence. PostgreSQL reports SQLSTATE 42501.
- INSERTs into a table with a serial column fail even though the role can INSERT.
- Calling
nextval()/setval()is rejected. - The sequence privilege is separate from the table privilege.
What the server log shows
ERROR: permission denied for sequence orders_id_seqWhy PostgreSQL raises this — what the manual says
the GRANT reference (Notes):
“In the SQL standard, sequences only have a USAGE privilege, which controls the use of the NEXT VALUE FOR expression, which is equivalent to the function nextval in PostgreSQL.”
A serial default calls nextval() on an owned sequence. The role doing the INSERT needs USAGE (or UPDATE) on that sequence in addition to INSERT on the table; otherwise the default expression fails with 42501.
Common causes
- Granting table privileges but forgetting the backing sequence.
- A new role that lacks sequence access in the schema.
- Restoring data where sequence grants were not reproduced.
How to fix it
- Grant the sequence:
GRANT USAGE ON SEQUENCE orders_id_seq TO app_user;. - Grant all sequences in a schema at once:
GRANT USAGE ON ALL SEQUENCES IN SCHEMA app TO app_user;. - Add default privileges for future sequences:
ALTER DEFAULT PRIVILEGES IN SCHEMA app GRANT USAGE ON SEQUENCES TO app_user;.
Diagnostic query
-- List sequences and whether the role can use them
SELECT c.relname,
has_sequence_privilege('app_user', c.oid, 'USAGE') AS can_use
FROM pg_class c WHERE c.relkind = 'S';Related & next steps
Reference: PostgreSQL 18 — GRANT.
Was this helpful?
Thanks — noted. This helps keep the database accurate.