在postgresql数据库中,有information_schema.table_privileges这个view,可以直接查看某个用户对于某张表有哪些权限。现在有个需求 ,希望对于database/schema也能这么方便的查询。
database_privileges
SELECT pd.datname AS database_name, COALESCE(NULLIF(role.name, ''::name), 'PUBLIC'::name) AS grantee,
"substring"((
CASE
WHEN "position"(split_part(split_part(','::text || array_to_string(pd.datacl, ','::text), (','::text || role.name::text) || '='::text, 2), '/'::text, 1), 'C'::text) > 0 THEN ',CREATE'::text
ELSE ''::text
END ||
CASE
WHEN "position"(split_part(split_part(','::text || array_to_string(pd.datacl, ','::text), (','::text || role.name::text) || '='::text, 2), '/'::text, 1), 'T'::text) > 0 THEN ',TEMPORARY'::text
ELSE ''::text
END) ||
CASE
WHEN "position"(split_part(split_part(','::text || array_to_string(pd.datacl, ','::text), (','::text || role.name::text) || '='::text, 2), '/'::text, 1), 'c'::text) > 0 THEN ',CONNECT'::text
ELSE ''::text
END, 2, 10000) AS privilege_type
FROM pg_database pd,
( SELECT pg_roles.rolname AS name FROM pg_roles UNION ALL SELECT '' AS name) role
WHERE replace((','::text || array_to_string(pd.datacl, ','::text)),E'\"'::text,''::text) ~~ (('%,'::text || role.name::text) || '=%'::text);
schema_privileges
SELECT pn.nspname AS schema_name,
COALESCE(NULLIF(role.name, ''::name), 'PUBLIC'::name) AS grantee,
"substring"(
CASE
WHEN "position"(split_part(split_part(','::text || array_to_string(pn.nspacl, ','::text), (','::text || role.name::text) || '='::text, 2), '/'::text, 1), 'U'::text) > 0 THEN ',USAGE'::text
ELSE ''::text
END ||
CASE
WHEN "position"(split_part(split_part(','::text || array_to_string(pn.nspacl, ','::text), (','::text || role.name::text) || '='::text, 2), '/'::text, 1), 'C'::text) > 0 THEN ',CREATE'::text
ELSE ''::text
END, 2, 10000) AS privilege_type
FROM pg_namespace pn,
( SELECT pg_roles.rolname AS name
FROM pg_roles
UNION ALL
SELECT ''::name AS name) role
WHERE replace((','::text || array_to_string(pn.nspacl, ','::text)),E'\"'::text,''::text) ~~ (('%,'::text || role.name::text) || '=%'::text) AND pn.nspowner > 1::oid;