如何查看有权访问redshift表的用户列表?

时间:2018-08-30 22:37:21

标签: sql amazon-redshift

如何获取有权访问特定Redshift表/架构的用户列表?

2 个答案:

答案 0 :(得分:0)

PostgreSQL有一个叫做系统信息功能的东西,您可以在这里阅读:https://www.postgresql.org/docs/9.1/static/functions-info.html

您可能感兴趣的函数是has_table_privilege,它带有三个参数:

user
table name,
privelege

例如,当我需要找出可以在用户表上插入哪些角色时,我将执行以下操作:

SELECT rolname FROM pg_roles WHERE has_table_privilege(rolname, '<table_name>', 'INSERT')

但是,这些功能与表pg_rolespg_user和其他表一起可以为您提供有关特权的非常详细的信息。

您也没有指定哪种访问方式(INSERTSELECTDELETE),但是由于有了第三个参数,您可以将其合并或获取用户列表有。

答案 1 :(得分:0)

这是一条SQL,为您提供选择/插入/更新/删除每个对象的权限

您可以在使用/注释SQL末尾未使用的内容时使用模式,表,用户过滤器。

    SELECT * 
    FROM 
        (
        SELECT 
            schemaname
            ,objectname
            ,usename
            ,HAS_TABLE_PRIVILEGE(usrs.usename, fullobj, 'select') AND has_schema_privilege(usrs.usename, schemaname, 'usage')  AS sel
            ,HAS_TABLE_PRIVILEGE(usrs.usename, fullobj, 'insert') AND has_schema_privilege(usrs.usename, schemaname, 'usage')  AS ins
            ,HAS_TABLE_PRIVILEGE(usrs.usename, fullobj, 'update') AND has_schema_privilege(usrs.usename, schemaname, 'usage')  AS upd
            ,HAS_TABLE_PRIVILEGE(usrs.usename, fullobj, 'delete') AND has_schema_privilege(usrs.usename, schemaname, 'usage')  AS del
            ,HAS_TABLE_PRIVILEGE(usrs.usename, fullobj, 'references') AND has_schema_privilege(usrs.usename, schemaname, 'usage')  AS ref
        FROM
            (
            SELECT schemaname, 't' AS obj_type, tablename AS objectname, schemaname + '.' + tablename AS fullobj FROM pg_tables
            UNION
            SELECT schemaname, 'v' AS obj_type, viewname AS objectname, schemaname + '.' + viewname AS fullobj FROM pg_views
            ) AS objs
            ,(SELECT * FROM pg_user) AS usrs
        ORDER BY fullobj
        )
    WHERE (sel = true or ins = true or upd = true or del = true or ref = true)
    and usename = '<user>'.  -- for a user filter
    and schemaname = '<schema>'. -- for a schema filter
    and objectname = '<table or view>'. -- for a table filter

输出看起来像这样

schemaname          objectname          usename sel     ins     upd     del     ref
information_schema  applicable_roles    user1   true    false   false   false   false
information_schema  check_constraints   user1   true    false   false   false   false
information_schema  column_domain_usage user1   true    false   false   false   false

如果您只想查看有权访问特定架构/表的用户,请使用所需的过滤器,并将第一行更改为

SELECT distinct usename
相关问题
最新问题