Permissions granted to a user or group across all schemas in Amazon Redshift
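How can I use SQL to list all grants for a user or group across all schemas in Amazon Redshift?
Answer
The following query will give you all user and group permissions.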
-- Part 1: per-user privileges on every table and view, tested with has_table_privilege().
SELECT derived_table1.schemaname,
       derived_table1.objectname,
       derived_table1.usename AS username,
       'USER' AS usertype,
       derived_table1.select_flag,
       derived_table1.insert_flag,
       derived_table1.update_flag,
       derived_table1.delete_flag,
       derived_table1.reference_flag
FROM (
    SELECT objs.schemaname, objs.objectname, usrs.usename,
           CASE WHEN has_table_privilege(usrs.usename, objs.fullobj::text, 'select'::text) THEN 1 ELSE 0 END AS select_flag,
           CASE WHEN has_table_privilege(usrs.usename, objs.fullobj::text, 'insert'::text) THEN 1 ELSE 0 END AS insert_flag,
           CASE WHEN has_table_privilege(usrs.usename, objs.fullobj::text, 'update'::text) THEN 1 ELSE 0 END AS update_flag,
           CASE WHEN has_table_privilege(usrs.usename, objs.fullobj::text, 'delete'::text) THEN 1 ELSE 0 END AS delete_flag,
           CASE WHEN has_table_privilege(usrs.usename, objs.fullobj::text, 'references'::text) THEN 1 ELSE 0 END AS reference_flag
    FROM (
        -- Every table and view, with its schema-qualified name.
        SELECT pg_tables.schemaname, 't'::character varying AS obj_type, pg_tables.tablename AS objectname,
               (pg_tables.schemaname::text + '.'::text + pg_tables.tablename::text)::character varying AS fullobj
        FROM pg_tables
        UNION
        SELECT pg_views.schemaname, 'v'::character varying AS obj_type, pg_views.viewname AS objectname,
               (pg_views.schemaname::text + '.'::text + pg_views.viewname::text)::character varying AS fullobj
        FROM pg_views
    ) objs,
    (
        SELECT pg_user.usename
        FROM pg_user
    ) usrs
    ORDER BY objs.fullobj
) derived_table1
WHERE (derived_table1.select_flag + derived_table1.insert_flag + derived_table1.update_flag + derived_table1.delete_flag + derived_table1.reference_flag) > 0
  AND schemaname NOT IN ('information_schema', 'pg_catalog')
UNION ALL
-- Part 2: per-group privileges, decoded from the privilege letters in pg_class.relacl.
SELECT schemname,
       objectname,
       username,
       usertype,
       CASE WHEN CHARINDEX('r', char_perms) > 0 THEN 1 ELSE 0 END AS select_flag,
       CASE WHEN CHARINDEX('a', char_perms) > 0 THEN 1 ELSE 0 END AS insert_flag,
       CASE WHEN CHARINDEX('w', char_perms) > 0 THEN 1 ELSE 0 END AS update_flag,
       CASE WHEN CHARINDEX('d', char_perms) > 0 THEN 1 ELSE 0 END AS delete_flag,
       CASE WHEN CHARINDEX('x', char_perms) > 0 THEN 1 ELSE 0 END AS references_flag
FROM (
    SELECT namespace AS schemname,
           item AS objectname,
           groname AS username,
           'GROUP' AS usertype,
           -- A group entry in relacl reads 'group <name>=<privs>/<grantor>'.
           -- Splitting on the full 'group <name>=' marker keeps a group whose name is a
           -- substring of another user or group name from picking up that entry's letters.
           SPLIT_PART(SPLIT_PART(ARRAY_TO_STRING(relacl, '|'), 'group ' || pu.groname || '=', 2), '/', 1) AS char_perms
    FROM (
        -- Every relation with its owner and raw ACL.
        SELECT use.usename AS subject,
               nsp.nspname AS namespace,
               cls.relname AS item,
               cls.relkind AS type,
               use2.usename AS owner,
               cls.relacl
        FROM pg_user use
        CROSS JOIN pg_class cls
        LEFT JOIN pg_namespace nsp
               ON cls.relnamespace = nsp.oid
        LEFT JOIN pg_user use2
               ON cls.relowner = use2.usesysid
        WHERE cls.relowner = use.usesysid
        --AND nsp.nspname NOT IN ('pg_catalog', 'pg_toast', 'information_schema')
        ORDER BY subject,
                 namespace,
                 item
    ) acl
    -- Match the exact group entry; CHARINDEX avoids LIKE wildcards such as '_' in group names.
    JOIN pg_group pu ON CHARINDEX('group ' || pu.groname || '=', ARRAY_TO_STRING(relacl, '|')) > 0
) grp;
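The group half of the query decodes privilege letters out of `relacl` text. The following added example (not part of the original answer) parses that text offline and shows why an exact `group <name>=` match is needed rather than a substring test on the group name. It assumes the PostgreSQL 8.0-style aclitem form `grantee=privs/grantor` with a `group ` prefix for groups; the sample ACL string and the names in it are constructed.

```python
import re

# Privilege letters the query tests with CHARINDEX.
PRIV_LETTERS = {"r": "select", "a": "insert", "w": "update",
                "d": "delete", "x": "references"}

# One aclitem (assumed format): optional "group " prefix, grantee
# (empty means PUBLIC), "=", privilege letters ("*" marks grant
# option), "/", grantor. Names containing "=" are not handled.
ACLITEM = re.compile(
    r'^(?P<group>group )?(?P<grantee>[^=]*)=(?P<privs>[A-Za-z*]*)/(?P<grantor>.*)$')


def parse_relacl(relacl):
    """Parse array_to_string(relacl, '|') text into a list of grant dicts."""
    grants = []
    for item in filter(None, relacl.split("|")):
        m = ACLITEM.match(item.strip().strip('"'))
        if m is None:
            raise ValueError(f"unrecognised aclitem: {item!r}")
        if m["group"]:
            kind = "GROUP"
        elif m["grantee"] == "":
            kind = "PUBLIC"
        else:
            kind = "USER"
        privs = m["privs"].replace("*", "")
        flags = {name: int(letter in privs)
                 for letter, name in PRIV_LETTERS.items()}
        grants.append({"grantee": m["grantee"] or "PUBLIC", "type": kind,
                       "grantor": m["grantor"], **flags})
    return grants


def group_grants(relacl, groname):
    """Flags for exactly this group, or None if it has no ACL entry."""
    for grant in parse_relacl(relacl):
        if grant["type"] == "GROUP" and grant["grantee"] == groname:
            return grant
    return None


def substring_match(relacl, groname):
    """A plain substring test on the group name, for comparison."""
    return groname in relacl


# Constructed sample: owner, two groups, and a PUBLIC entry.
SAMPLE = ("etl_admin=arwdRxt/etl_admin|group etl=r/etl_admin|"
          "group analysts=arw/etl_admin|=r/etl_admin")
```

With this sample, a group named `admin` has no entry, yet the substring test still reports a match because `admin` occurs inside `etl_admin`.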