Re: "grant usage on schema" confers the ability to execute all user-defined functions in that schema, with needing to grant "execute"

From: Dominique Devienne <ddevienne(at)gmail(dot)com>
To: Bryn Llewellyn <bryn(at)yugabyte(dot)com>
Cc: Julien Rouhaud <rjuju123(at)gmail(dot)com>, Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Tom Lane PostgreSQL <tgl(at)sss(dot)pgh(dot)pa(dot)us>, jeremy(at)musicsmith(dot)net, pgsql-general list <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: "grant usage on schema" confers the ability to execute all user-defined functions in that schema, with needing to grant "execute"
Date: 2022-02-14 08:43:52
Message-ID: CAFCRh-8VRSVPjtzB8QxrdzuZPSBrrHt4Wk81Rejairj6n_5aWw@mail.gmail.com
Lists: pgsql-general

On Sat, Feb 12, 2022 at 8:43 PM Bryn Llewellyn <bryn(at)yugabyte(dot)com> wrote:
> I.e. three facts per row: grantee, privilege, and grantee. Then I did this:
> with c as (
> select
> proname::text as name,
> pronamespace::regnamespace::text as schema,
> aclexplode(proacl) as "aclexplode(proacl)"
> from pg_catalog.pg_proc)
> select "aclexplode(proacl)" from c
> where name = 'q' and schema = 's';
>
> This is the result:
> aclexplode(proacl)
> -----------------------------
> (1494148,0,EXECUTE,f)
> (1494148,1494148,EXECUTE,f)
> (1494148,1494150,EXECUTE,f)

`aclexplode` is a table-valued function, so you normally use it in the
FROM clause.
Here's how I use it on schemas for example:

```
select nspname as name,
       nspowner::regrole::text as owner,
       grantor::regrole::text,
       grantee::regrole::text,
       privilege_type, is_grantable
  from pg_namespace
  left join lateral aclexplode(nspacl) on true
 where ...
 order by nspname
```
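
Added example, not part of the original message: the same FROM-clause pattern applied to `pg_proc` for the function `q` in schema `s` from the quoted query. It assumes the server provides `acldefault()` and uses it to expand a NULL `proacl` into the built-in default ACL, and it renders grantee OID 0 as PUBLIC; the column aliases are illustrative.

```sql
-- Added example: function ACLs read through aclexplode() in the FROM clause.
-- 's' and 'q' are the schema and function names from the quoted query.
select p.pronamespace::regnamespace::text as schema,
       p.oid::regprocedure::text          as signature,
       p.proowner::regrole::text          as owner,
       a.grantor::regrole::text           as grantor,
       -- Grantee OID 0 is the PUBLIC pseudo-role; regrole would print it as '-'.
       case when a.grantee = 0 then 'PUBLIC'
            else a.grantee::regrole::text
       end                                as grantee,
       a.privilege_type,
       a.is_grantable,
       -- True when no GRANT/REVOKE has touched the function yet, so the rows
       -- shown come from the built-in default ACL rather than a stored one.
       p.proacl is null                   as using_default_acl
  from pg_catalog.pg_proc as p
 -- A NULL proacl means "default privileges", not "no privileges".
 -- acldefault('f', owner) returns that default ACL for a function,
 -- so the join still yields one row per effective grant.
 cross join lateral aclexplode(
         coalesce(p.proacl, acldefault('f', p.proowner))
       ) as a
 where p.pronamespace = 's'::regnamespace
   and p.proname = 'q'
 order by signature, grantee;
```

A row with grantee PUBLIC and privilege_type EXECUTE corresponds to the `(1494148,0,EXECUTE,f)` line in the quoted output.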
