Grants to a user or group on all schemas in Amazon Redshift

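How can I use SQL to list all grants for a user or group across all schemas in Amazon Redshift?

Answer

The following query will give you all user and group permissions.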

SELECT derived_table1.schemaname, 
    derived_table1.objectname, 
    derived_table1.usename username,  
    'USER' usertype,
    derived_table1.select_flag, 
    derived_table1.insert_flag, 
    derived_table1.update_flag, 
    derived_table1.delete_flag, 
    derived_table1.reference_flag
FROM ( SELECT objs.schemaname, objs.objectname, usrs.usename, 
            CASE
                WHEN has_table_privilege(usrs.usename, objs.fullobj::text, 'select'::text) THEN 1
                ELSE 0
            END AS select_flag, 
            CASE
                WHEN has_table_privilege(usrs.usename, objs.fullobj::text, 'insert'::text) THEN 1
                ELSE 0
            END AS insert_flag, 
            CASE
                WHEN has_table_privilege(usrs.usename, objs.fullobj::text, 'update'::text) THEN 1
                ELSE 0
            END AS update_flag, 
            CASE
                WHEN has_table_privilege(usrs.usename, objs.fullobj::text, 'delete'::text) THEN 1
                ELSE 0
            END AS delete_flag, 
            CASE
                WHEN has_table_privilege(usrs.usename, objs.fullobj::text, 'references'::text) THEN 1
                ELSE 0
            END AS reference_flag
       FROM ( SELECT pg_tables.schemaname, 't'::character varying AS obj_type, pg_tables.tablename AS objectname, (pg_tables.schemaname::text + '.'::text + pg_tables.tablename::text)::character varying AS fullobj
               FROM pg_tables
              UNION 
             SELECT pg_views.schemaname, 'v'::character varying AS obj_type, pg_views.viewname AS objectname, (pg_views.schemaname::text + '.'::text + pg_views.viewname::text)::character varying AS fullobj
               FROM pg_views) objs, 
               ( 
                  SELECT pg_user.usename 
                  FROM pg_user
                  ) usrs
      ORDER BY objs.fullobj) derived_table1
 WHERE (derived_table1.select_flag + derived_table1.insert_flag + derived_table1.update_flag + derived_table1.delete_flag + derived_table1.reference_flag) > 0
and schemaname not in ('information_schema','pg_catalog')
union all
select schemname ,
   objectname ,
   username ,
   usertype ,
   CASE WHEN CHARINDEX('r', char_perms ) > 0 THEN 1 else 0 end select_flag,
   CASE WHEN CHARINDEX('a', char_perms ) > 0 THEN 1 else 0 end insert_flag,
   CASE WHEN CHARINDEX('w', char_perms ) > 0 THEN 1 else 0 end update_flag,
   CASE WHEN CHARINDEX('d', char_perms ) > 0 THEN 1 else 0 end delete_flag,
   CASE WHEN CHARINDEX('x', char_perms ) > 0 THEN 1 else 0 end references_flag
from
(
select namespace schemname,
       item objectname,
       groname username,
       'GROUP' usertype,
       SPLIT_PART( SPLIT_PART( ARRAY_TO_STRING( RELACL, '|' ), pu.groname, 2 ) , '/', 1 ) char_perms
from
(
SELECT      use.usename AS subject
                    ,nsp.nspname AS namespace
                    ,cls.relname AS item
                    ,cls.relkind AS type
                    ,use2.usename AS owner
                    ,cls.relacl
        FROM        pg_user     use 
        CROSS JOIN  pg_class    cls
        LEFT JOIN   pg_namespace nsp 
        ON          cls.relnamespace = nsp.oid 
        LEFT JOIN   pg_user      use2 
        ON          cls.relowner = use2.usesysid
        WHERE       cls.relowner = use.usesysid
        --AND         nsp.nspname NOT IN ('pg_catalog', 'pg_toast', 'information_schema')
        ORDER BY     subject
                    ,namespace
                    ,item ) owned_objs
JOIN    pg_group pu ON array_to_string(relacl, '|') LIKE '%'|| pu.groname ||'%' 
) group_perms;
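
Added example, not part of the original answer: a Python parser for the `ARRAY_TO_STRING(relacl, '|')` string that matches each group entry by its exact name, next to a re-creation of the query's `SPLIT_PART` substring lookup, so an audit can see where the two disagree when one name is contained in another. The sample ACL, the function names, and the simplification that grantee names are unquoted (entries shaped `group name=privs/grantor`, empty grantee for PUBLIC) are assumptions made for illustration.

```python
import re

# Privilege letters the answer's query looks for with CHARINDEX.
PRIV_LETTERS = {"r": "select", "a": "insert", "w": "update",
                "d": "delete", "x": "references"}

# One ACL entry: optional "group " prefix, grantee (empty means PUBLIC),
# privilege letters, grantor. Assumption: names are simple and unquoted.
ACL_ENTRY = re.compile(r"^(group )?([^=]*)=([^/]*)/(.*)$")


def parse_acl(acl_string, sep="|"):
    """Turn ARRAY_TO_STRING(relacl, '|') output into one record per entry."""
    grants = []
    for entry in filter(None, acl_string.split(sep)):
        m = ACL_ENTRY.match(entry)
        if m is None:
            raise ValueError(f"unrecognised ACL entry: {entry!r}")
        is_group, grantee, privs, grantor = m.groups()
        kind = "GROUP" if is_group else ("USER" if grantee else "PUBLIC")
        flags = {name: int(ch in privs) for ch, name in PRIV_LETTERS.items()}
        grants.append({"grantee": grantee or "PUBLIC", "type": kind,
                       "grantor": grantor, "privileges": flags})
    return grants


def group_grants(acl_string, group_name):
    """Flags for the entry whose grantee is exactly this group, else None."""
    for grant in parse_acl(acl_string):
        if grant["type"] == "GROUP" and grant["grantee"] == group_name:
            return grant["privileges"]
    return None


def substring_perms(acl_string, group_name):
    """What SPLIT_PART(SPLIT_PART(acl, groname, 2), '/', 1) yields."""
    parts = acl_string.split(group_name)
    return parts[1].split("/")[0] if len(parts) > 1 else ""


# Constructed sample ACL: owner etl_owner, groups devops and ops, PUBLIC.
SAMPLE_ACL = ("etl_owner=arwdRxt/etl_owner|group devops=r/etl_owner"
              "|group ops=arwd/etl_owner|=r/etl_owner")

if __name__ == "__main__":
    for name in ("ops", "devops", "etl"):
        print(name, substring_perms(SAMPLE_ACL, name),
              group_grants(SAMPLE_ACL, name))
```

On the sample, the substring lookup reads group `ops` from the `devops` entry and reports a hypothetical group `etl` (which has no entry at all) with the owner's privilege letters, while the exact-name parse returns the real grants.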
