如何查询 Postgres 数据字典以找出特定用户拥有的所有权限。
我一直在寻找解决方案,但找不到任何东西。谢谢,美好的一天
表权限:
SELECT *
FROM information_schema.role_table_grants
WHERE grantee = 'YOUR_USER';
所有权:
SELECT *
FROM pg_tables
WHERE tableowner = 'YOUR_USER';
架构权限:
SELECT r.usename AS grantor,
e.usename AS grantee,
nspname,
privilege_type,
is_grantable
FROM pg_namespace
JOIN LATERAL (SELECT *
FROM aclexplode(nspacl) AS x) a
ON true
JOIN pg_user e
ON a.grantee = e.usesysid
JOIN pg_user r
ON a.grantor = r.usesysid
WHERE e.usename = 'YOUR_USER';
这对我来说是最有效的。简短而干净。
\du
列出了所有用户帐户和角色,\du+
是扩展版本,显示更多信息。
# \du
List of roles
Role name | Attributes | Member of
--------------------+------------------------------------------------------------+-----------
padmin | Superuser, Create role, Create DB | {}
test | | {}
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
root | Superuser, Create role, Create DB | {}
# \du+
List of roles
Role name | Attributes | Member of | Description
--------------------+------------------------------------------------------------+-----------+-------------
padmin | Superuser, Create role, Create DB | {} |
test | | {} |
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {} |
root | Superuser, Create role, Create DB | {} |
这个命令对我很有帮助:
\l
这是我的使用方法:
postgres=# \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
------------------------------+-----------------+----------+---------+-------+-------------------------------------
mydb1 | postgres | UTF8 | en_NG | en_NG | =Tc/postgres +
| | | | | postgres=CTc/postgres +
| | | | | myuser=CTc/postgres
mydb2 | postgres | UTF8 | en_NG | en_NG | =Tc/postgres +
| | | | | postgres=CTc/postgres +
| | | | | my_user=CTc/postgres
仅此而已。
我希望这有帮助
您也可以使用它来查看您的用户是否有除 SELECT 以外的任何内容
SELECT * FROM information_schema.role_table_grants WHERE grantee = 'username' AND with_hierarchy = 'YES'
Vao Tsun 关于如何查看架构权限的答案已经过时,并且可能隐藏了很多结果(因为
pg_user
只有可以登录的用户,因此当授予者或被授予者是无法登录的角色时,连接会失败在)。用这个代替:
以下列出了当前数据库的架构和权限。
WITH users AS (select rolname, oid
from pg_roles
union
select 'PUBLIC', 0)
SELECT r.rolname AS grantor,
e.rolname AS grantee,
nspname as schema,
privilege_type,
is_grantable
FROM pg_namespace,
aclexplode(nspacl) AS a
JOIN users AS e
ON a.grantee = e.oid
JOIN users AS r
ON a.grantor = r.oid
-- Add a WHERE clause to limit results to a single user
-- WHERE e.rolname = 'THE_ROLE'