| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Christian Hammers <ch(at)lathspell(dot)de> |
| Cc: | pgsql-novice(at)postgresql(dot)org |
| Subject: | Re: "SHOW GRANTS FOR username" or why \z is not enough for me |
| Date: | 2012-07-01 20:03:08 |
| Message-ID: | 27975.1341172988@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
Christian Hammers <ch(at)lathspell(dot)de> writes:
> As a newbie Postgres admin I like to double check that my users have
> all necessary rights and more important only those and no more.
> All Postgres commands like \dp, \dt, \dn etc. cannot be filtered
> with WHERE though and are more useful to show the owner of an object
> not to show all objects owned by a user.
> My best approach so far is the following but I took me a while to
> build and I somehow think that there must be a more elegant solution
> like "SHOW GRANTS FOR foo" in MySQL. Any ideas?
has_table_privilege() and sibling functions might help you with that.
The approach you propose is full of holes --- most importantly, that it
will not report privileges held by virtue of being a member of a group,
such as PUBLIC.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pierre-Henry Frohring | 2012-07-02 10:31:58 | pgsql and lion : not taking good header at compilation. |
| Previous Message | Lew | 2012-07-01 17:39:43 | Re: "SHOW GRANTS FOR username" or why \z is not enough for me |