Amazon redshift 红移中特定表的查询权限(组和用户)
我正在尝试查找一个查询,该查询允许我以红移方式获取组和用户对特定表的当前权限。我知道如何进行实际的授权,但我花了很长时间找到正确的表来查询以获得现有权限 其他资料: 这将在级联删除并重新创建表的编程操作期间使用,以确保在删除之前重新应用相同的权限。如果有一个选项可以在Python中不使用conn.execute查询来实现这一点,我也愿意这样做 编辑: 我以前确实找到了下面的查询,我尝试了一个简短的快速版本,看看是否可以获取组:Amazon redshift 红移中特定表的查询权限(组和用户),amazon-redshift,Amazon Redshift,我正在尝试查找一个查询,该查询允许我以红移方式获取组和用户对特定表的当前权限。我知道如何进行实际的授权,但我花了很长时间找到正确的表来查询以获得现有权限 其他资料: 这将在级联删除并重新创建表的编程操作期间使用,以确保在删除之前重新应用相同的权限。如果有一个选项可以在Python中不使用conn.execute查询来实现这一点,我也愿意这样做 编辑: 我以前确实找到了下面的查询,我尝试了一个简短的快速版本,看看是否可以获取组: SELECT * FROM ( SELECT sche
SELECT *
FROM
(
SELECT
schemaname
,objectname
,usename
,groname
,HAS_TABLE_PRIVILEGE(usrs.usename, fullobj, 'select') AND HAS_TABLE_PRIVILEGE(grp.groname, fullobj, 'select') AND has_schema_privilege(usrs.usename, schemaname, 'usage') AS sel
FROM
(
SELECT schemaname, 't' AS obj_type, tablename AS objectname, schemaname + '.' + tablename AS fullobj FROM pg_tables
UNION
SELECT schemaname, 'v' AS obj_type, viewname AS objectname, schemaname + '.' + viewname AS fullobj FROM pg_views
) AS objs
,(SELECT * FROM pg_user) AS usrs
,(SELECT * FROM pg_group) AS grp
ORDER BY fullobj
)
WHERE sel = true
and objectname = 'table_name'
这会给我一个错误,说它找不到作为组名的用户名。您可以使用以下带有objectname筛选器的查询来查找特定表的权限
SELECT *
FROM
(
SELECT
schemaname
,objectname
,usename
,HAS_TABLE_PRIVILEGE(usrs.usename, fullobj, 'select') AND has_schema_privilege(usrs.usename, schemaname, 'usage') AS sel
,HAS_TABLE_PRIVILEGE(usrs.usename, fullobj, 'insert') AND has_schema_privilege(usrs.usename, schemaname, 'usage') AS ins
,HAS_TABLE_PRIVILEGE(usrs.usename, fullobj, 'update') AND has_schema_privilege(usrs.usename, schemaname, 'usage') AS upd
,HAS_TABLE_PRIVILEGE(usrs.usename, fullobj, 'delete') AND has_schema_privilege(usrs.usename, schemaname, 'usage') AS del
,HAS_TABLE_PRIVILEGE(usrs.usename, fullobj, 'references') AND has_schema_privilege(usrs.usename, schemaname, 'usage') AS ref
FROM
(
SELECT schemaname, 't' AS obj_type, tablename AS objectname, schemaname + '.' + tablename AS fullobj FROM pg_tables
UNION
SELECT schemaname, 'v' AS obj_type, viewname AS objectname, schemaname + '.' + viewname AS fullobj FROM pg_views
) AS objs
,(SELECT * FROM pg_user) AS usrs
ORDER BY fullobj
)
WHERE (sel = true or ins = true or upd = true or del = true or ref = true)
and objectname = 'my_table'
可以将以下查询与objectname筛选器一起使用,以查找特定表的权限
SELECT *
FROM
(
SELECT
schemaname
,objectname
,usename
,HAS_TABLE_PRIVILEGE(usrs.usename, fullobj, 'select') AND has_schema_privilege(usrs.usename, schemaname, 'usage') AS sel
,HAS_TABLE_PRIVILEGE(usrs.usename, fullobj, 'insert') AND has_schema_privilege(usrs.usename, schemaname, 'usage') AS ins
,HAS_TABLE_PRIVILEGE(usrs.usename, fullobj, 'update') AND has_schema_privilege(usrs.usename, schemaname, 'usage') AS upd
,HAS_TABLE_PRIVILEGE(usrs.usename, fullobj, 'delete') AND has_schema_privilege(usrs.usename, schemaname, 'usage') AS del
,HAS_TABLE_PRIVILEGE(usrs.usename, fullobj, 'references') AND has_schema_privilege(usrs.usename, schemaname, 'usage') AS ref
FROM
(
SELECT schemaname, 't' AS obj_type, tablename AS objectname, schemaname + '.' + tablename AS fullobj FROM pg_tables
UNION
SELECT schemaname, 'v' AS obj_type, viewname AS objectname, schemaname + '.' + viewname AS fullobj FROM pg_views
) AS objs
,(SELECT * FROM pg_user) AS usrs
ORDER BY fullobj
)
WHERE (sel = true or ins = true or upd = true or del = true or ref = true)
and objectname = 'my_table'
我终于找到了一些我能够为小组挑选的东西,并将它们拼凑在一起:
SELECT
namespace, item, type, groname
FROM
(
SELECT
use.usename AS subject,
nsp.nspname AS NAMESPACE,
cls.relname AS item,
cls.relkind AS TYPE,
use2.usename AS OWNER,
cls.relacl
FROM
pg_user use
CROSS JOIN pg_class cls
LEFT JOIN pg_namespace nsp ON cls.relnamespace = nsp.oid
LEFT JOIN pg_user use2 ON cls.relowner = use2.usesysid
WHERE
cls.relowner = use.usesysid
AND nsp.nspname NOT IN ( 'pg_catalog', 'pg_toast', 'information_schema' )
AND nsp.nspname IN ( 'schema' )
AND relacl IS NOT NULL
ORDER BY
subject,
NAMESPACE,
item
)
JOIN pg_group pu ON array_to_string( relacl, '|' ) LIKE'%' || pu.groname || '%'
除了我终于找到了一些我能够为小组挑选的东西,并将它们散列在一起:
SELECT
namespace, item, type, groname
FROM
(
SELECT
use.usename AS subject,
nsp.nspname AS NAMESPACE,
cls.relname AS item,
cls.relkind AS TYPE,
use2.usename AS OWNER,
cls.relacl
FROM
pg_user use
CROSS JOIN pg_class cls
LEFT JOIN pg_namespace nsp ON cls.relnamespace = nsp.oid
LEFT JOIN pg_user use2 ON cls.relowner = use2.usesysid
WHERE
cls.relowner = use.usesysid
AND nsp.nspname NOT IN ( 'pg_catalog', 'pg_toast', 'information_schema' )
AND nsp.nspname IN ( 'schema' )
AND relacl IS NOT NULL
ORDER BY
subject,
NAMESPACE,
item
)
JOIN pg_group pu ON array_to_string( relacl, '|' ) LIKE'%' || pu.groname || '%'
除了我的问题没有指定,现在我需要更新它,但我正在查找组权限和用户权限我的问题没有指定,现在我需要更新它,但我正在寻找组权限和用户权限。我将使用mdem7中的答案来回答用户。我将使用mdem7中的答案来回答用户。