Обсуждение: Table permissions
Hi all, I had the need to find the user permissions of several tables. I figured out that if I submit the query SELECT relacl FROM pg_catalog.pg_class WHERE relname = 'tablename'; I get the permissions but for the table name in all schemas and not only the one I'm interested in. Then I took a look at psql's source and I found the query for figuring out the permissions on a table in the describe.c file (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/bin/psql/describe.c?rev=1.133). Unfortunately if I try to submit it, it gives me some error. It cannot recognize the "n.nspname" token and other similar errors. So can anyone help me with constructing an SQL query to figure out the permissions on a table in a specific schema? My other question is who has access to the pg_catalog.* tables? Is it true that every user can examine them? And are these tables per database or shared across PgSQL? Is is true that every user can check if he/she has access to a particular table and examine the ACL string? And how can I determine if a user can change permissions for other users? Kind regards, gamehack
Milen Dzhumerov wrote: > Unfortunately if I try to submit it, it gives me some > error. You need to post your exact input and the exact output. Otherwise we're just guessing. > My other > question is who has access to the pg_catalog.* tables? Everybody. > And are these tables per database > or shared across PgSQL? Most of them are per database, only a few of them are shared. > Is is true that every user can check if > he/she has access to a particular table and examine the ACL string? Yes. > And how can I determine if a user can change permissions for other > users? You can check the grant options available to the user. -- Peter Eisentraut http://developer.postgresql.org/~petere/
Peter Eisentraut wrote: > Milen Dzhumerov wrote: > >> Unfortunately if I try to submit it, it gives me some >> error. >> > > You need to post your exact input and the exact output. Otherwise we're > just guessing. > > >> My other >> question is who has access to the pg_catalog.* tables? >> > > Everybody. > > >> And are these tables per database >> or shared across PgSQL? >> > > Most of them are per database, only a few of them are shared. > > >> Is is true that every user can check if >> he/she has access to a particular table and examine the ACL string? >> > > Yes. > > >> And how can I determine if a user can change permissions for other >> users? >> > > You can check the grant options available to the user. > > I just worked out the query which does the job and wanted to post it so if anyone wants in the future can refer to this thread. Here's the query: SELECT pg_catalog.pg_class.relacl AS permissions FROM pg_catalog.pg_class WHERE pg_catalog.pg_class.relname = 'table_name' AND pg_catalog.pg_class.relnamespace IN (SELECT pg_catalog.pg_namespace.oid FROM pg_catalog.pg_namespace WHERE pg_catalog.pg_namespace.nspname = 'schema_name'); Kind regards, gamehack