Authentik does not honor AUTHENTIK_POSTGRESQL__DEFAULT_SCHEMA #20328

@cfradewavecom

Describe the bug

I started a fresh authentik environment and I get the following error. I used PostgreSQL 18.
My default schema is authentik; most of the migrations worked until failing on 0055_groupancestor_groupparentagenode_group_parents.

Running migrations:
{"event":"backend not alive yet","level":"debug","logger":"authentik.router.unicorn","timestamp":"2026-02-16T15:51:45Z"}
  Applying authentik_core.0055_groupancestor_groupparentagenode_group_parents...
{"event":"backend not alive yet","level":"debug","logger":"authentik.router.unicorn","timestamp":"2026-02-16T15:51:45Z"}
{"event":"backend not alive yet","level":"debug","logger":"authentik.router.unicorn","timestamp":"2026-02-16T15:51:45Z"}
{"event":"backend not alive yet","level":"debug","logger":"authentik.router.unicorn","timestamp":"2026-02-16T15:51:45Z"}
{"event":"backend not alive yet","level":"debug","logger":"authentik.router.unicorn","timestamp":"2026-02-16T15:51:45Z"}
{"event":"backend not alive yet","level":"debug","logger":"authentik.router.unicorn","timestamp":"2026-02-16T15:51:45Z"}
{"event":"backend not alive yet","level":"debug","logger":"authentik.router.unicorn","timestamp":"2026-02-16T15:51:45Z"}
{"domain_url": null, "event": "releasing database lock", "level": "info", "logger": "lifecycle.migrate", "pid": 145, "schema_name": "authentik", "timestamp": "2026-02-16T15:51:45.251042"}
Failed to read config file: ./lifecycle/gunicorn.conf.py
Traceback (most recent call last):
  File "/ak-root/.venv/lib/python3.13/site-packages/django/db/backends/utils.py", line 103, in _execute
    return self.cursor.execute(sql)
           ~~~~~~~~~~~~~~~~~~~^^^^^
  File "/ak-root/.venv/lib/python3.13/site-packages/django_prometheus/db/common.py", line 69, in execute
    return super().execute(*args, **kwargs)
           ~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
  File "/ak-root/.venv/lib/python3.13/site-packages/psycopg/cursor.py", line 97, in execute
    raise ex.with_traceback(None)
psycopg.errors.InsufficientPrivilege: permission denied for schema public

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/ak-root/.venv/lib/python3.13/site-packages/gunicorn/app/base.py", line 110, in get_config_from_filename
    spec.loader.exec_module(mod)
    ~~~~~~~~~~~~~~~~~~~~~~~^^^^^
  File "<frozen importlib._bootstrap_external>", line 1027, in exec_module
  File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
  File "/lifecycle/gunicorn.conf.py", line 143, in <module>
    run_migrations()
    ~~~~~~~~~~~~~~^^
  File "/lifecycle/migrate.py", line 121, in run_migrations
    execute_from_command_line(["", "migrate_schemas"])
    ~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/.venv/lib/python3.13/site-packages/django/core/management/__init__.py", line 442, in execute_from_command_line
    utility.execute()
    ~~~~~~~~~~~~~~~^^
  File "/ak-root/.venv/lib/python3.13/site-packages/django/core/management/__init__.py", line 436, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^
  File "/ak-root/.venv/lib/python3.13/site-packages/django/core/management/base.py", line 420, in run_from_argv
    self.execute(*args, **cmd_options)
    ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/.venv/lib/python3.13/site-packages/django/core/management/base.py", line 464, in execute
    output = self.handle(*args, **options)
  File "/ak-root/.venv/lib/python3.13/site-packages/django_tenants/management/commands/migrate_schemas.py", line 66, in handle
    executor.run_migrations(tenants=[self.PUBLIC_SCHEMA_NAME])
    ~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/.venv/lib/python3.13/site-packages/django_tenants/migration_executors/standard.py", line 11, in run_migrations
    run_migrations(self.args, self.options, self.codename, self.PUBLIC_SCHEMA_NAME)
    ~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/.venv/lib/python3.13/site-packages/django_tenants/migration_executors/base.py", line 61, in run_migrations
    migrate_command_class(stdout=stdout, stderr=stderr).execute(*args, **options)
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^
  File "/ak-root/.venv/lib/python3.13/site-packages/django/core/management/base.py", line 464, in execute
    output = self.handle(*args, **options)
  File "/ak-root/.venv/lib/python3.13/site-packages/django/core/management/base.py", line 111, in wrapper
    res = handle_func(*args, **kwargs)
  File "/ak-root/.venv/lib/python3.13/site-packages/django/core/management/commands/migrate.py", line 353, in handle
    post_migrate_state = executor.migrate(
        targets,
    ...<3 lines>...
        fake_initial=fake_initial,
    )
  File "/ak-root/.venv/lib/python3.13/site-packages/django/db/migrations/executor.py", line 135, in migrate
    state = self._migrate_all_forwards(
        state, plan, full_plan, fake=fake, fake_initial=fake_initial
    )
  File "/ak-root/.venv/lib/python3.13/site-packages/django/db/migrations/executor.py", line 167, in _migrate_all_forwards
    state = self.apply_migration(
        state, migration, fake=fake, fake_initial=fake_initial
    )
  File "/ak-root/.venv/lib/python3.13/site-packages/django/db/migrations/executor.py", line 255, in apply_migration
    state = migration.apply(state, schema_editor)
  File "/ak-root/.venv/lib/python3.13/site-packages/django/db/migrations/migration.py", line 132, in apply
    operation.database_forwards(
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~^
        self.app_label, schema_editor, old_state, project_state
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    )
    ^
  File "/ak-root/.venv/lib/python3.13/site-packages/pgtrigger/migrations.py", line 92, in database_forwards
    _add_trigger(schema_editor, model, self.trigger)
    ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/.venv/lib/python3.13/site-packages/pgtrigger/migrations.py", line 39, in _add_trigger
    schema_editor.execute(trigger.install_sql, params=None)
    ~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/.venv/lib/python3.13/site-packages/pgtrigger/migrations.py", line 483, in execute
    return super().execute(*args, **kwargs)
           ~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
  File "/ak-root/.venv/lib/python3.13/site-packages/django/db/backends/postgresql/schema.py", line 45, in execute
    return super().execute(sql, params)
           ~~~~~~~~~~~~~~~^^^^^^^^^^^^^
  File "/ak-root/.venv/lib/python3.13/site-packages/django/db/backends/base/schema.py", line 204, in execute
    cursor.execute(sql, params)
    ~~~~~~~~~~~~~~^^^^^^^^^^^^^
  File "/ak-root/.venv/lib/python3.13/site-packages/django/db/backends/utils.py", line 79, in execute
    return self._execute_with_wrappers(
           ~~~~~~~~~~~~~~~~~~~~~~~~~~~^
        sql, params, many=False, executor=self._execute
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    )
    ^
  File "/ak-root/.venv/lib/python3.13/site-packages/django/db/backends/utils.py", line 92, in _execute_with_wrappers
    return executor(sql, params, many, context)
  File "/ak-root/.venv/lib/python3.13/site-packages/django/db/backends/utils.py", line 100, in _execute
    with self.db.wrap_database_errors:
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/.venv/lib/python3.13/site-packages/django/db/utils.py", line 91, in __exit__
    raise dj_exc_value.with_traceback(traceback) from exc_value
  File "/ak-root/.venv/lib/python3.13/site-packages/django/db/backends/utils.py", line 103, in _execute
    return self.cursor.execute(sql)
           ~~~~~~~~~~~~~~~~~~~^^^^^
  File "/ak-root/.venv/lib/python3.13/site-packages/django_prometheus/db/common.py", line 69, in execute
    return super().execute(*args, **kwargs)
           ~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
  File "/ak-root/.venv/lib/python3.13/site-packages/psycopg/cursor.py", line 97, in execute
    raise ex.with_traceback(None)
django.db.utils.ProgrammingError: permission denied for schema public

How to reproduce

  • Set up a new database/user without permissions on the public schema
  • Create a schema for the user authentik and define AUTHENTIK_POSTGRESQL__DEFAULT_SCHEMA=authentik
  • Start authentik-server and wait for the failure.

Expected behavior

The migration completes.

Screenshots

No response

Additional context

No response

Deployment Method

Kubernetes

Version

2025.12

Relevant log output
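
The reproduction steps written out as SQL, as an added example that is not part of the original report: it builds the restricted role and schema, then checks the role's privileges and where its objects ended up, so the database side can be confirmed before looking at the migration (the traceback fails inside pgtrigger's trigger install SQL). The name `authentik` follows the issue; the password, the admin-owned database and the use of psql are assumptions.

```sql
-- Added example. Run in psql as a PostgreSQL superuser.
-- 'change-me' is a placeholder credential, not a value from the issue.
CREATE ROLE authentik LOGIN PASSWORD 'change-me';

-- Keep the database owned by the admin role: since PostgreSQL 15 the
-- database owner implicitly owns schema public (via pg_database_owner),
-- which would give the application role access to public after all.
CREATE DATABASE authentik;
\connect authentik

-- Step 1 of the report: the role has no permissions on schema public.
REVOKE ALL ON SCHEMA public FROM PUBLIC;

-- Step 2 of the report: a dedicated schema owned by the application role.
CREATE SCHEMA authentik AUTHORIZATION authentik;

-- Check the precondition the report describes: no USAGE or CREATE on
-- public, both privileges on the role's own schema.
SELECT has_schema_privilege('authentik', 'public',    'USAGE')  AS public_usage,
       has_schema_privilege('authentik', 'public',    'CREATE') AS public_create,
       has_schema_privilege('authentik', 'authentik', 'USAGE')  AS own_usage,
       has_schema_privilege('authentik', 'authentik', 'CREATE') AS own_create;

-- Per-role settings (for example a pinned search_path) that would change
-- where unqualified object names resolve.
SELECT rolname, rolconfig FROM pg_roles WHERE rolname = 'authentik';

-- After a failed start: which schemas hold objects owned by the role.
-- Anything outside schema authentik was not created in the configured
-- default schema.
SELECT n.nspname AS schema_name, c.relkind, count(*) AS objects
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE pg_get_userbyid(c.relowner) = 'authentik'
GROUP BY n.nspname, c.relkind
ORDER BY n.nspname, c.relkind;

-- Functions owned by the role, with their schema (trigger functions
-- installed by migrations show up here).
SELECT n.nspname AS schema_name, p.proname
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE pg_get_userbyid(p.proowner) = 'authentik'
ORDER BY n.nspname, p.proname;
```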

Labels

bug: Something isn't working