Обсуждение: Table permissions

Поиск
Список
Период
Сортировка

Table permissions

От
Milen Dzhumerov
Дата:
Hi all,

I had the need to find the user permissions of several tables. I figured
out that if I submit the query
SELECT relacl FROM pg_catalog.pg_class WHERE relname = 'tablename';
I get the permissions but for the table name in all schemas and not only
the one I'm interested in. Then I took a look at psql's source and I
found the query for figuring out the permissions on a table in the
describe.c file
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/bin/psql/describe.c?rev=1.133).
Unfortunately if I try to submit it, it gives me some error. It cannot
recognize the "n.nspname" token and other similar errors. So can anyone
help me with constructing an SQL query to figure out the permissions on
a table in a specific schema? My other question is who has access to the
pg_catalog.* tables? Is it true that every user can examine them? And
are these tables per database or shared across PgSQL? Is is true that
every user can check if he/she has access to a particular table and
examine the ACL string? And how can I determine if a user can change
permissions for other users?

Kind regards,
gamehack

Re: Table permissions

От
Peter Eisentraut
Дата:
Milen Dzhumerov wrote:
> Unfortunately if I try to submit it, it gives me some
> error.

You need to post your exact input and the exact output.  Otherwise we're
just guessing.

> My other
> question is who has access to the pg_catalog.* tables?

Everybody.

> And are these tables per database
> or shared across PgSQL?

Most of them are per database, only a few of them are shared.

> Is is true that every user can check if
> he/she has access to a particular table and examine the ACL string?

Yes.

> And how can I determine if a user can change permissions for other
> users?

You can check the grant options available to the user.

--
Peter Eisentraut
http://developer.postgresql.org/~petere/

Re: Table permissions

От
Milen Dzhumerov
Дата:
Peter Eisentraut wrote:
> Milen Dzhumerov wrote:
>
>> Unfortunately if I try to submit it, it gives me some
>> error.
>>
>
> You need to post your exact input and the exact output.  Otherwise we're
> just guessing.
>
>
>> My other
>> question is who has access to the pg_catalog.* tables?
>>
>
> Everybody.
>
>
>> And are these tables per database
>> or shared across PgSQL?
>>
>
> Most of them are per database, only a few of them are shared.
>
>
>> Is is true that every user can check if
>> he/she has access to a particular table and examine the ACL string?
>>
>
> Yes.
>
>
>> And how can I determine if a user can change permissions for other
>> users?
>>
>
> You can check the grant options available to the user.
>
>
I just worked out the query which does the job and wanted to post it so
if anyone wants in the future can refer to this thread. Here's the query:

SELECT pg_catalog.pg_class.relacl AS permissions FROM
pg_catalog.pg_class WHERE pg_catalog.pg_class.relname = 'table_name' AND
pg_catalog.pg_class.relnamespace IN (SELECT pg_catalog.pg_namespace.oid
FROM pg_catalog.pg_namespace WHERE pg_catalog.pg_namespace.nspname =
'schema_name');

Kind regards,
gamehack