Amazon redshift 如何在红移中找出授予特定组的权限
我正在使用亚马逊AWS红移(8.0.2版本)。我创建了一个组,授予了下面的2个权限,并向该组添加了一个用户 如果我选中Amazon redshift 如何在红移中找出授予特定组的权限,amazon-redshift,Amazon Redshift,我正在使用亚马逊AWS红移(8.0.2版本)。我创建了一个组,授予了下面的2个权限,并向该组添加了一个用户 如果我选中pg_group,我可以看到属于此组的用户。 但我也希望看到授予该组的权限 例如 redshift=# create group group1; CREATE GROUP redshift=# grant select on public.table_mar19_test2 to group group1; GRANT redshift=# alter group group
pg_groupredshift=# create group group1;
CREATE GROUP
redshift=# grant select on public.table_mar19_test2 to group group1;
GRANT
redshift=# alter group group1 add user user001;
ALTER GROUP
redshift=# select * from pg_group
groname | grosysid | grolist
---------------+----------+-----------
group1 | 101 | {148}
(1 rows)
是否有任何sql查询来查找授予此组的
selectselect relacl ,
'grant ' || substring(
case when charindex('r',split_part(split_part(array_to_string(relacl, '|'),pu.groname,2 ) ,'/',1)) > 0 then ',select ' else '' end
||case when charindex('w',split_part(split_part(array_to_string(relacl, '|'),pu.groname,2 ) ,'/',1)) > 0 then ',update ' else '' end
||case when charindex('a',split_part(split_part(array_to_string(relacl, '|'),pu.groname,2 ) ,'/',1)) > 0 then ',insert ' else '' end
||case when charindex('d',split_part(split_part(array_to_string(relacl, '|'),pu.groname,2 ) ,'/',1)) > 0 then ',delete ' else '' end
||case when charindex('R',split_part(split_part(array_to_string(relacl, '|'),pu.groname,2 ) ,'/',1)) > 0 then ',rule ' else '' end
||case when charindex('x',split_part(split_part(array_to_string(relacl, '|'),pu.groname,2 ) ,'/',1)) > 0 then ',references ' else '' end
||case when charindex('t',split_part(split_part(array_to_string(relacl, '|'),pu.groname,2 ) ,'/',1)) > 0 then ',trigger ' else '' end
||case when charindex('X',split_part(split_part(array_to_string(relacl, '|'),pu.groname,2 ) ,'/',1)) > 0 then ',execute ' else '' end
||case when charindex('U',split_part(split_part(array_to_string(relacl, '|'),pu.groname,2 ) ,'/',1)) > 0 then ',usage ' else '' end
||case when charindex('C',split_part(split_part(array_to_string(relacl, '|'),pu.groname,2 ) ,'/',1)) > 0 then ',create ' else '' end
||case when charindex('T',split_part(split_part(array_to_string(relacl, '|'),pu.groname,2 ) ,'/',1)) > 0 then ',temporary ' else '' end
, 2,10000)
|| ' on '||namespace||'.'||item ||' to "'||pu.groname||'";' as grantsql
from
(SELECT
use.usename as subject,
nsp.nspname as namespace,
c.relname as item,
c.relkind as type,
use2.usename as owner,
c.relacl
FROM
pg_user use
cross join pg_class c
left join pg_namespace nsp on (c.relnamespace = nsp.oid)
left join pg_user use2 on (c.relowner = use2.usesysid)
WHERE
c.relowner = use.usesysid
and nsp.nspname NOT IN ('pg_catalog', 'pg_toast', 'information_schema')
ORDER BY
subject, namespace, item
) join pg_group pu on array_to_string(relacl, '|') like '%'||pu.groname||'%'
where relacl is not null
and pu.groname='group1'
order by 2
下面的视图创建了所有用户和组权限的简化视图
CREATE OR REPLACE VIEW dict.dba_tab_privs
AS
SELECT derived_table1.schemaname,
derived_table1.objectname,
derived_table1.usename username,
'USER' usertype,
derived_table1.select_flag,
derived_table1.insert_flag,
derived_table1.update_flag,
derived_table1.delete_flag,
derived_table1.reference_flag
FROM ( SELECT objs.schemaname, objs.objectname, usrs.usename,
CASE
WHEN has_table_privilege(usrs.usename, objs.fullobj::text, 'select'::text) THEN 1
ELSE 0
END AS select_flag,
CASE
WHEN has_table_privilege(usrs.usename, objs.fullobj::text, 'insert'::text) THEN 1
ELSE 0
END AS insert_flag,
CASE
WHEN has_table_privilege(usrs.usename, objs.fullobj::text, 'update'::text) THEN 1
ELSE 0
END AS update_flag,
CASE
WHEN has_table_privilege(usrs.usename, objs.fullobj::text, 'delete'::text) THEN 1
ELSE 0
END AS delete_flag,
CASE
WHEN has_table_privilege(usrs.usename, objs.fullobj::text, 'references'::text) THEN 1
ELSE 0
END AS reference_flag
FROM ( SELECT pg_tables.schemaname, 't'::character varying AS obj_type, pg_tables.tablename AS objectname, (pg_tables.schemaname::text + '.'::text + pg_tables.tablename::text)::character varying AS fullobj
FROM pg_tables
UNION
SELECT pg_views.schemaname, 'v'::character varying AS obj_type, pg_views.viewname AS objectname, (pg_views.schemaname::text + '.'::text + pg_views.viewname::text)::character varying AS fullobj
FROM pg_views) objs,
(
SELECT pg_user.usename
FROM pg_user
) usrs
ORDER BY objs.fullobj) derived_table1
WHERE (derived_table1.select_flag + derived_table1.insert_flag + derived_table1.update_flag + derived_table1.delete_flag + derived_table1.reference_flag) > 0
and schemaname not in ('information_schema','pg_catalog')
union all
select schemname ,
objectname ,
username ,
usertype ,
CASE WHEN CHARINDEX('r', char_perms ) > 0 THEN 1 else 0 end select_flag,
CASE WHEN CHARINDEX('a', char_perms ) > 0 THEN 1 else 0 end insert_flag,
CASE WHEN CHARINDEX('w', char_perms ) > 0 THEN 1 else 0 end update_flag,
CASE WHEN CHARINDEX('d', char_perms ) > 0 THEN 1 else 0 end delete_flag,
CASE WHEN CHARINDEX('x', char_perms ) > 0 THEN 1 else 0 end references_flag/*,
CASE WHEN CHARINDEX('R', char_perms ) > 0 THEN 1 else 0 end rule_flag,
CASE WHEN CHARINDEX('t', char_perms ) > 0 THEN 1 else 0 end trigger_flag,
CASE WHEN CHARINDEX('X', char_perms ) > 0 THEN 1 else 0 end execute_flag,
CASE WHEN CHARINDEX('U', char_perms ) > 0 THEN 1 else 0 end usage_flag,
CASE WHEN CHARINDEX('C', char_perms ) > 0 THEN 1 else 0 end create_flag,
CASE WHEN CHARINDEX('T', char_perms ) > 0 THEN 1 else 0 end temporary_flag*/
from
(
select namespace schemname,
item objectname,
groname username,
'GROUP' usertype,
SPLIT_PART( SPLIT_PART( ARRAY_TO_STRING( RELACL, '|' ), pu.groname, 2 ) , '/', 1 ) char_perms
from
(
SELECT use.usename AS subject
,nsp.nspname AS namespace
,cls.relname AS item
,cls.relkind AS type
,use2.usename AS owner
,cls.relacl
FROM pg_user use
CROSS JOIN pg_class cls
LEFT JOIN pg_namespace nsp
ON cls.relnamespace = nsp.oid
LEFT JOIN pg_user use2
ON cls.relowner = use2.usesysid
WHERE cls.relowner = use.usesysid
AND nsp.nspname NOT IN ('pg_catalog', 'pg_toast', 'information_schema')
ORDER BY subject
,namespace
,item )
JOIN pg_group pu ON array_to_string(relacl, '|') LIKE '%'|| pu.groname ||'%'
)
谢谢你,迈克。此外,我能够生成关于授予组的模式和数据库授权的授权语句。。非常感谢当我运行此查询时,我得到了错误:
错误:42602:无效的名称语法