Postgresql

如何在 PostgreSQL 上列出每個使用者/角色的所有授權

  • February 8, 2022

我在 Postgres CLI 上執行了這些語句(我使用的是 PostgreSQL v13.1):

CREATE ROLE blog_user;
GRANT blog_user TO current_user;

我創建了一個函式

CREATE FUNCTION SIGNUP(username TEXT, email TEXT, password TEXT)
RETURNS jwt_token AS
$$
DECLARE
 token_information jwt_token;
BEGIN
....
END;
$$ LANGUAGE PLPGSQL VOLATILE SECURITY DEFINER;

最後我授予了權限:

GRANT EXECUTE ON FUNCTION SIGNUP(username TEXT, email TEXT, password TEXT) TO anonymous;

我希望在我的模式/數據庫中列出每個使用者/角色的所有授權。\du\du+顯示基本資訊,其中不包含有關最近進行的授權(在函式上執行)的資訊。

雖然以下不是一個完整的解決方案(不包括列 privs,它沒有函式簽名),但您應該希望能夠獲得您要求使用的大部分內容:

SELECT rug.grantor,
       rug.grantee,
       rug.object_catalog,
       rug.object_schema,
       rug.object_name,
       rug.object_type,
       rug.privilege_type,
       rug.is_grantable,
       null::text AS with_hierarchy
   FROM information_schema.role_usage_grants rug
   WHERE rug.object_schema NOT IN ( 'pg_catalog', 'information_schema' )
       AND grantor <> grantee
UNION
SELECT rtg.grantor,
       rtg.grantee,
       rtg.table_catalog,
       rtg.table_schema,
       rtg.table_name,
       tab.table_type,
       rtg.privilege_type,
       rtg.is_grantable,
       rtg.with_hierarchy
   FROM information_schema.role_table_grants rtg
   LEFT JOIN information_schema.tables tab
       ON ( tab.table_catalog = rtg.table_catalog
           AND tab.table_schema = rtg.table_schema
           AND tab.table_name = rtg.table_name )
   WHERE rtg.table_schema NOT IN ( 'pg_catalog', 'information_schema' )
       AND grantor <> grantee
UNION
SELECT rrg.grantor,
       rrg.grantee,
       rrg.routine_catalog,
       rrg.routine_schema,
       rrg.routine_name,
       fcn.routine_type,
       rrg.privilege_type,
       rrg.is_grantable,
       null::text AS with_hierarchy
   FROM information_schema.role_routine_grants rrg
   LEFT JOIN information_schema.routines fcn
       ON ( fcn.routine_catalog = rrg.routine_catalog
           AND fcn.routine_schema = rrg.routine_schema
           AND fcn.routine_name = rrg.routine_name )
   WHERE rrg.specific_schema NOT IN ( 'pg_catalog', 'information_schema' )
       AND grantor <> grantee
UNION
SELECT rug.grantor,
       rug.grantee,
       rug.udt_catalog,
       rug.udt_schema,
       rug.udt_name,
       ''::text AS udt_type,
       rug.privilege_type,
       rug.is_grantable,
       null::text AS with_hierarchy
   FROM information_schema.role_udt_grants rug
   WHERE rug.udt_schema NOT IN ( 'pg_catalog', 'information_schema' )
       AND substr ( rug.udt_schema, 1, 3 ) <> 'pg_'
       AND grantor <> grantee ;

引用自:https://dba.stackexchange.com/questions/285591

相關問答

Postgresql

明確授予更新序列列的序列的權限是必要的嗎?

  • March 12, 2022
檢視問答
Postgresql

無法在 PostgreSQL 12.4 中刪除使用者

  • March 10, 2022
檢視問答
Postgresql

惡意 postgres db 使用者可以對 linux 伺服器做什麼?

  • March 3, 2022
檢視問答
Postgresql

為什麼使用 postgresql 難以為新數據庫的新角色/使用者授予所有權限和特權?

  • February 23, 2022
檢視問答
Postgresql

PostgreSQL 上僅備份使用者的正確角色

  • February 20, 2022
檢視問答
Postgresql

postgresql 9.* - 使用者無法從 SCHEMA 內的 VIEW 中選擇作為預設特權

  • February 11, 2022
檢視問答