Search Postgresql Archives

Re: "grant usage on schema" confers the ability to execute all user-defined functions in that schema, with needing to grant "execute"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sat, Feb 12, 2022 at 8:43 PM Bryn Llewellyn <bryn@xxxxxxxxxxxx> wrote:
> I.e. three facts per row: grantee, privilege, and grantee. Then I did this:
> with c as (
>   select
>     proname::text                     as name,
>     pronamespace::regnamespace::text  as schema,
>     aclexplode(proacl)                as "aclexplode(proacl)"
>   from pg_catalog.pg_proc)
> select "aclexplode(proacl)" from c
> where name = 'q' and schema = 's';
>
> This is the result:
>      aclexplode(proacl)
> -----------------------------
>  (1494148,0,EXECUTE,f)
>  (1494148,1494148,EXECUTE,f)
>  (1494148,1494150,EXECUTE,f)

`aclexplode` is a table-valued function, so you normally use it in the
FROM clause.
Here's how I use it on schemas for example:

```
select nspname as name,
       nspowner::regrole::text as owner,
       grantor::regrole::text,
       grantee::regrole::text,
       privilege_type, is_grantable
  from pg_namespace
  left join lateral aclexplode(nspacl) on true
 where ...
 order by nspname
```
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux