postgresql 在postgres中查询表的赠款

alen0pnh  于 12个月前  发布在  PostgreSQL
关注(0)|答案(7)|浏览(146)

如何查询postgres中授予一个对象的所有赠款?
例如,我有一个表“mytable”:

GRANT SELECT, INSERT ON mytable TO user1
GRANT UPDATE ON mytable TO user2

字符串
我需要的东西给我:

user1: SELECT, INSERT
user2: UPDATE

oxalkeyp

oxalkeyp1#

我已经找到了:

SELECT grantee, privilege_type 
FROM information_schema.role_table_grants 
WHERE table_name='mytable'

字符串

fnatzsnv

fnatzsnv2#

来自psql的\z mytable提供了一个表中的所有赠款,但是你必须按单个用户将其拆分。

t30tvxxf

t30tvxxf3#

下面的查询将给予一个列表,其中包含所有用户及其对架构中表的权限。

select a.schemaname, a.tablename, b.usename,
  HAS_TABLE_PRIVILEGE(usename, quote_ident(schemaname) || '.' || quote_ident(tablename), 'select') as has_select,
  HAS_TABLE_PRIVILEGE(usename, quote_ident(schemaname) || '.' || quote_ident(tablename), 'insert') as has_insert,
  HAS_TABLE_PRIVILEGE(usename, quote_ident(schemaname) || '.' || quote_ident(tablename), 'update') as has_update,
  HAS_TABLE_PRIVILEGE(usename, quote_ident(schemaname) || '.' || quote_ident(tablename), 'delete') as has_delete, 
  HAS_TABLE_PRIVILEGE(usename, quote_ident(schemaname) || '.' || quote_ident(tablename), 'references') as has_references 
from pg_tables a, pg_user b 
where a.schemaname = 'your_schema_name' and a.tablename='your_table_name';

字符串
有关has_table_privilages的更多详细信息,请参阅here

k4emjkb1

k4emjkb14#

如果你真的希望每个用户一行,你可以按grantee分组(string_agg需要PG9+)

SELECT grantee, string_agg(privilege_type, ', ') AS privileges
FROM information_schema.role_table_grants 
WHERE table_name='mytable'   
GROUP BY grantee;

字符串
这应该输出如下内容:

grantee |   privileges   
---------+----------------
 user1   | INSERT, SELECT
 user2   | UPDATE
(2 rows)

n6lpvg4x

n6lpvg4x5#

此查询将列出所有数据库和模式中的所有表(取消WHERE子句中的行以筛选特定的数据库、模式或表),并按顺序显示特权,以便很容易查看是否授予了特定的特权:

SELECT grantee
      ,table_catalog
      ,table_schema
      ,table_name
      ,string_agg(privilege_type, ', ' ORDER BY privilege_type) AS privileges
FROM information_schema.role_table_grants 
WHERE grantee != 'postgres' 
--  and table_catalog = 'somedatabase' /* uncomment line to filter database */
--  and table_schema  = 'someschema'   /* uncomment line to filter schema  */
--  and table_name    = 'sometable'    /* uncomment line to filter table  */
GROUP BY 1, 2, 3, 4;

字符串
示例输出:

grantee |table_catalog   |table_schema  |table_name     |privileges     |
--------|----------------|--------------|---------------|---------------|
PUBLIC  |adventure_works |pg_catalog    |pg_sequence    |SELECT         |
PUBLIC  |adventure_works |pg_catalog    |pg_sequences   |SELECT         |
PUBLIC  |adventure_works |pg_catalog    |pg_settings    |SELECT, UPDATE |
...

xbp102n0

xbp102n06#

添加到@shruti的回答
为给定用户查询架构中所有表的赠款

select a.tablename, 
       b.usename, 
       HAS_TABLE_PRIVILEGE(usename,tablename, 'select') as select,
       HAS_TABLE_PRIVILEGE(usename,tablename, 'insert') as insert, 
       HAS_TABLE_PRIVILEGE(usename,tablename, 'update') as update, 
       HAS_TABLE_PRIVILEGE(usename,tablename, 'delete') as delete, 
       HAS_TABLE_PRIVILEGE(usename,tablename, 'references') as references 
from pg_tables a, 
     pg_user b 
where schemaname='your_schema_name' 
      and b.usename='your_user_name' 
order by tablename;

字符串

t98cgbkg

t98cgbkg7#

下面是一个脚本,它为一个特定的表生成授权查询。它忽略了所有者的特权。

SELECT 
    format (
      'GRANT %s ON TABLE %I.%I TO %I%s;',
      string_agg(tg.privilege_type, ', '),
      tg.table_schema,
      tg.table_name,
      tg.grantee,
      CASE
        WHEN tg.is_grantable = 'YES' 
        THEN ' WITH GRANT OPTION' 
        ELSE '' 
      END
    )
  FROM information_schema.role_table_grants tg
  JOIN pg_tables t ON t.schemaname = tg.table_schema AND t.tablename = tg.table_name
  WHERE
    tg.table_schema = 'myschema' AND
    tg.table_name='mytable' AND
    t.tableowner <> tg.grantee
  GROUP BY tg.table_schema, tg.table_name, tg.grantee, tg.is_grantable;

字符串
这里的声明,如果你想得到它的意见:

SELECT 
    format (
      'GRANT %s ON TABLE %I.%I TO %I%s;',
      string_agg(tg.privilege_type, ', '),
      tg.table_schema,
      tg.table_name,
      tg.grantee,
      CASE
        WHEN tg.is_grantable = 'YES' 
        THEN ' WITH GRANT OPTION' 
        ELSE '' 
      END
    )
  FROM information_schema.role_table_grants tg
  JOIN pg_views v ON v.schemaname = tg.table_schema AND v.viewname = tg.table_name
  WHERE
    tg.table_schema = 'myschema' AND
    tg.table_name='myview' 
    AND tg.grantee <> 'myschema'
  GROUP BY tg.table_schema, tg.table_name, tg.grantee, tg.is_grantable

相关问题