On Thu, Oct 12, 2023 at 3:42 PM Jana Mihalidesová <Mihi.Jana@xxxxxxxxx> wrote:
I try to find out some view, select or something what show me the privileges for the user across the whole postgresql cluster. The username/user is global for whole cluster not individual database, so I would like to know the privileges for the user in all databases in the cluster using one view, select.
I know how to list user's privileges in the individual database, but for all databases...
As Tom already mentioned, this is per-DB. So you have to aggregate the privileges yourself,
i.e. connect to any DB, lookup all databases the user can connect to, then connect to each DB
in turn (possibly in parallel using several concurrent connections) to get the privs in that DB.
This presumes the user doing the lookup can connect to at least the DBs that user's has access to.
The query below should get you started on the first part. Just move the can-CONNECT test
to the WHERE-clause instead of the SELECT-clause, and change session_user. --DD
SELECT datname, datdba::regrole::text as owner,
has_database_privilege(session_user, datname, 'CONNECT') as can_connect,
has_database_privilege(session_user, datname, 'CREATE') as can_create
FROM pg_database
WHERE datistemplate = false
has_database_privilege(session_user, datname, 'CONNECT') as can_connect,
has_database_privilege(session_user, datname, 'CREATE') as can_create
FROM pg_database
WHERE datistemplate = false
