Skip site navigation (1) Skip section navigation (2)

Re: "SHOW GRANTS FOR username" or why \z is not enough for me

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Christian Hammers <ch(at)lathspell(dot)de>
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: "SHOW GRANTS FOR username" or why \z is not enough for me
Date: 2012-07-01 20:03:08
Message-ID: 27975.1341172988@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-novice
Christian Hammers <ch(at)lathspell(dot)de> writes:
> As a newbie Postgres admin I like to double check that my users have
> all necessary rights and more important only those and no more.

> All Postgres commands like \dp, \dt, \dn etc. cannot be filtered
> with WHERE though and are more useful to show the owner of an object
> not to show all objects owned by a user.

> My best approach so far is the following but I took me a while to
> build and I somehow think that there must be a more elegant solution
> like "SHOW GRANTS FOR foo" in MySQL. Any ideas?

has_table_privilege() and sibling functions might help you with that.
The approach you propose is full of holes --- most importantly, that it
will not report privileges held by virtue of being a member of a group,
such as PUBLIC.

			regards, tom lane

In response to

Responses

pgsql-novice by date

Next:From: Pierre-Henry FrohringDate: 2012-07-02 10:31:58
Subject: pgsql and lion : not taking good header at compilation.
Previous:From: LewDate: 2012-07-01 17:39:43
Subject: Re: "SHOW GRANTS FOR username" or why \z is not enough for me

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group