在postgres中查询表格的授权
我如何查询所有授予postgres对象的授予?
例如,我有表“mytable”:
GRANT SELECT, INSERT ON mytable TO user1 GRANT UPDATE ON mytable TO user2 我需要一些东西给我:
user1: SELECT, INSERT user2: UPDATE
\z mytable psql中的\z mytable为您提供了表格中的所有授权,但是您必须由个人用户分割它。
我已经find它了:
SELECT grantee, privilege_type FROM information_schema.role_table_grants WHERE table_name='mytable'
如果你真的想要每个用户一行,你可以按专业人员(要求PG9 +为string_agg)
SELECT grantee, string_agg(privilege_type, ', ') AS privileges FROM information_schema.role_table_grants WHERE table_name='mytable' GROUP BY grantee;
这应该输出像这样的东西:
grantee | privileges ---------+---------------- user1 | INSERT, SELECT user2 | UPDATE (2 rows)
尝试下面的查询。 它会给你所有用户及其在桌面上的权限列表。
select a.tablename,b.usename,HAS_TABLE_PRIVILEGE(usename,tablename, 'select') as select, HAS_TABLE_PRIVILEGE(usename,tablename, 'insert') as insert, HAS_TABLE_PRIVILEGE(usename,tablename, 'update') as update, HAS_TABLE_PRIVILEGE(usename,tablename, 'delete') as delete, HAS_TABLE_PRIVILEGE(usename,tablename, 'references') as references from pg_tables a , pg_user b where a.tablename='your_table_name';
这是一个为特定表生成授权查询的脚本。 它省略了所有者的特权。
SELECT format ( 'GRANT %s ON TABLE %I.%I TO %I%s;', string_agg(tg.privilege_type, ', '), tg.table_schema, tg.table_name, tg.grantee, CASE WHEN tg.is_grantable = 'YES' THEN ' WITH GRANT OPTION' ELSE '' END ) FROM information_schema.role_table_grants tg JOIN pg_tables t ON t.schemaname = tg.table_schema AND t.tablename = tg.table_name WHERE tg.table_schema = 'myschema' AND tg.table_name='mytable' AND t.tableowner <> tg.grantee GROUP BY tg.table_schema, tg.table_name, tg.grantee, tg.is_grantable;
此查询将列出所有数据库和模式中的所有表(取消注释WHERE子句中的行以按特定的table_name进行过滤),并按顺序显示特权,以便查看是否授予特定特权:
SELECT grantee, table_catalog, table_schema, table_name , string_agg(privilege_type, ', ' ORDER BY privilege_type) AS privileges FROM information_schema.role_table_grants WHERE true -- and table_name='mytable' /* uncomment line to filter specific table */ GROUP BY 1, 2, 3, 4;
