如何获取有权访问特定redshift表/架构的用户列表?
PostgreSQL有一个叫做系统信息函数的东西,你可以在这里阅读:https://www.postgresql.org/docs/9.1/static/functions-info.html
您可能感兴趣的功能是has_table_privilege,它有三个参数:
user
table name,
privelege
当我需要找出例如可以在我的users表中插入的角色时,我执行以下操作:
SELECT rolname FROM pg_roles WHERE has_table_privilege(rolname, '<table_name>', 'INSERT')
但是,这些函数与表pg_roles,pg_user和其他表一起可以为您提供有关特权的非常详细的信息。
你也没有指定什么样的访问(INSERT,SELECT,DELETE),但是由于第三个参数,你可以将它组合起来或获得具有任何访问权限的用户列表。
这是一个SQL,为您提供每个对象的选择/插入/更新/删除权限
您可以在使用/注释SQL末尾没有的那些时使用模式,表,用户过滤器。
SELECT *
FROM
(
SELECT
schemaname
,objectname
,usename
,HAS_TABLE_PRIVILEGE(usrs.usename, fullobj, 'select') AND has_schema_privilege(usrs.usename, schemaname, 'usage') AS sel
,HAS_TABLE_PRIVILEGE(usrs.usename, fullobj, 'insert') AND has_schema_privilege(usrs.usename, schemaname, 'usage') AS ins
,HAS_TABLE_PRIVILEGE(usrs.usename, fullobj, 'update') AND has_schema_privilege(usrs.usename, schemaname, 'usage') AS upd
,HAS_TABLE_PRIVILEGE(usrs.usename, fullobj, 'delete') AND has_schema_privilege(usrs.usename, schemaname, 'usage') AS del
,HAS_TABLE_PRIVILEGE(usrs.usename, fullobj, 'references') AND has_schema_privilege(usrs.usename, schemaname, 'usage') AS ref
FROM
(
SELECT schemaname, 't' AS obj_type, tablename AS objectname, schemaname + '.' + tablename AS fullobj FROM pg_tables
UNION
SELECT schemaname, 'v' AS obj_type, viewname AS objectname, schemaname + '.' + viewname AS fullobj FROM pg_views
) AS objs
,(SELECT * FROM pg_user) AS usrs
ORDER BY fullobj
)
WHERE (sel = true or ins = true or upd = true or del = true or ref = true)
and usename = '<user>'. -- for a user filter
and schemaname = '<schema>'. -- for a schema filter
and objectname = '<table or view>'. -- for a table filter
输出看起来像这样
schemaname objectname usename sel ins upd del ref
information_schema applicable_roles user1 true false false false false
information_schema check_constraints user1 true false false false false
information_schema column_domain_usage user1 true false false false false
如果您希望仅查看具有访问特定架构/表的用户,请使用所需的过滤器并将第一行更改为
SELECT distinct usename