Re: "grant usage on schema" confers the ability to execute all user-defined functions in that schema, with needing to grant "execute"
| От | Dominique Devienne |
|---|---|
| Тема | Re: "grant usage on schema" confers the ability to execute all user-defined functions in that schema, with needing to grant "execute" |
| Дата | |
| Msg-id | CAFCRh-8VRSVPjtzB8QxrdzuZPSBrrHt4Wk81Rejairj6n_5aWw@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: "grant usage on schema" confers the ability to execute all user-defined functions in that schema, with needing to grant "execute" (Bryn Llewellyn <bryn@yugabyte.com>) |
| Ответы |
Re: "grant usage on schema" confers the ability to execute all user-defined functions in that schema, with needing to grant "execute"
|
| Список | pgsql-general |
On Sat, Feb 12, 2022 at 8:43 PM Bryn Llewellyn <bryn@yugabyte.com> wrote:
> I.e. three facts per row: grantee, privilege, and grantee. Then I did this:
> with c as (
> select
> proname::text as name,
> pronamespace::regnamespace::text as schema,
> aclexplode(proacl) as "aclexplode(proacl)"
> from pg_catalog.pg_proc)
> select "aclexplode(proacl)" from c
> where name = 'q' and schema = 's';
>
> This is the result:
> aclexplode(proacl)
> -----------------------------
> (1494148,0,EXECUTE,f)
> (1494148,1494148,EXECUTE,f)
> (1494148,1494150,EXECUTE,f)
`aclexplode` is a table-valued function, so you normally use it in the
FROM clause.
Here's how I use it on schemas for example:
```
select nspname as name,
nspowner::regrole::text as owner,
grantor::regrole::text,
grantee::regrole::text,
privilege_type, is_grantable
from pg_namespace
left join lateral aclexplode(nspacl) on true
where ...
order by nspname
```
В списке pgsql-general по дате отправления: