How to take entire database store procedures full scripts same as the MS SQL 2008 R2 Generate Script feature. Need help.
The following query will return the complete DDL statements for each function that is owned by the current user in the schema public:
select pg_get_functiondef(p.oid)||';'
from pg_proc p
join pg_namespace n on n.oid = p.pronamespace
join pg_user u on u.usesysid = p.proowner
where n.nspname = 'public'
and p.prokind <> 'a'
and u.usename = current_user;
prokind <> 'a' is necessary because pg_get_functiondef() doesn't work with user defined aggregate functions.
If you want the functions from a different schema or owner, just change the where conditions accordingly.
You can spool the output to a file to get a SQL script containing all functions.
Related
I am trying to write a function to determine the sequences related to a given table name, in the query within the function, I went with something like this:
select s.relname as sec from pg_class s
join pg_depend d on d.objid=s.oid and d.classid='pg_class'::regclass
and d.refclassid='pg_class'::regclass
join pg_class t on t.oid=d.refobjid
join pg_namespace n on n.oid=t.relnamespace
join pg_attribute a on a.attrelid=t.oid and a.attnum=d.refobjsubid
where s.relkind='S' and t.relname = 'table_name'
However it doesn't seem to find all the sequences that exists, i.e. for some tables, it just doesn't find the related sequences, but for certain ones it does.
In Redshift, I am checking Users' grants. How do I know if they can alter tables?
I can know if they can drop tables because "Only the owner of the table, the schema owner, or a superuser can drop a table." - https://docs.aws.amazon.com/redshift/latest/dg/r_DROP_TABLE.html No such qualification exists for alter table: https://docs.aws.amazon.com/redshift/latest/dg/r_ALTER_TABLE.html
HAS_TABLE_PRIVILEGE provides info about other privileges, but not alter table: https://docs.aws.amazon.com/redshift/latest/dg/r_HAS_TABLE_PRIVILEGE.html
I got a response from AWS Support. tl;dr: alter table can be run by those, and only those, who can drop table.
"""
This is because, determining whether or not a user can alter a table, works in a similar way to that were one determines whether or not a given user can drop a table. That is, only the owner of the table, the schema owner, or a superuser can Alter a table. According to our documentation, "The right to modify or destroy an object is always the privilege of the owner only." [1].
[1] Default database user privileges - https://docs.aws.amazon.com/redshift/latest/dg/r_Privileges.html
Therefore, to see the users with alter table permissions for a specific table, there is need to determine the owner of that specific table by running the following command:
Kindly note that in this example, the 'sales' table is used. You can edit this as you see fit. To see all the table owners, the AND section of the WHERE clause can be removed.
====Query to see table owners====
SELECT n.nspname AS schema_name
, pg_get_userbyid(c.relowner) AS table_owner
, c.relname AS table_name
, CASE WHEN c.relkind = 'v' THEN 'view' ELSE 'table' END
AS table_type
, d.description AS table_description
FROM pg_class As c
LEFT JOIN pg_namespace n ON n.oid = c.relnamespace
LEFT JOIN pg_tablespace t ON t.oid = c.reltablespace
LEFT JOIN pg_description As d
ON (d.objoid = c.oid AND d.objsubid = 0)
WHERE c.relkind IN('r', 'v')
AND c.relname = 'sales'
ORDER BY n.nspname, c.relname;
You can also see all the superusers who have permissions to Alter table by running the following query:
====Query to see superusers====
SELECT usename FROM pg_user WHERE usesuper = 'true';
The combination of both results will enable you to see all the users which have alter table permissions.
"""
I have a lot of functions and stored procedures in my PostgreSQL database that is dependent on each other. I want to run a script that will compile those function fist which is independent and not referring any other functions. Then I want to compile next level functions and so on until I reach top level function.
SQL Server has sys.sql_expression_dependencies table which keeps track of referencing objects and referenced objects? Do we have anything like that in Postgres? if not how to achieve it.
What is reason? PostgreSQL PL/pgSQL functions has not compile (better validation) time dependency. There is runtime dependency only. Currently there is not a tool for this purpose, what I know. But some dependency can be taken from PL profiler https://bitbucket.org/openscg/plprofiler.
You can try this query:
select t.*, f.* from
(
SELECT table_name,table_schema,
table_schema||'.'||table_name full_name,
table_type
FROM information_schema.tables
WHERE table_schema not in ('information_schema') and table_schema not like 'pg%'
) t
JOIN
(
SELECT n.nspname AS schema_name,
p.proname AS function_name,
pg_get_function_arguments(p.oid) AS args,
pg_get_functiondef(p.oid) AS func_def
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE n.nspname not in ('pg_catalog','information_schema') and n.nspname not like 'pg%'
) f
on position(t.table_name in f.func_def) >0
Need to extract the source of a PostgreSQL function using SQL.
I am seeing this odd behavior with one of the function, all other functions (around 200+ ) work absolutely fine.
When I run the following statement, it works:
select prosrc from pg_proc where proname= 'accounts_count';
However when I run the following, it returns an empty string:
select routine_definition
from information_schema.routines
where specific_name = 'accounts_count_66243'
PostgreSQL version 8.3. I have tried using both pgAdmin III and psql.
Not a show stopper, but would be useful to know why this might be.
Any ideas anyone?
if you look on definition of information_schema.routines, then you can find following filter:
FROM pg_namespace n, pg_proc p, pg_language l, pg_type t, pg_namespace nt
WHERE n.oid = p.pronamespace AND p.prolang = l.oid AND p.prorettype = t.oid
AND t.typnamespace = nt.oid AND (pg_has_role(p.proowner, 'USAGE'::text)
OR has_function_privilege(p.oid, 'EXECUTE'::text));
so my theory:
there are some issue in rights and ownership of related function (probably) - try to use different account for validation of this theory (postgres is best)
What is the recommended way to figure out if a user got a certain right (e.g. select or execute) on a certain class (e.g. table or function) in PostgreSQL?
At the moment I got something like
aclcontains(
someColumnWithAclitemArray,
makeaclitem(userOid,grantorOid,someRight,false))
but it's terrible since I have to check for every grantorOid that is possible and for every userOid the user can belong to.
On a related note: what are the possible rights you can test for?
I haven't found any documentation but reading the source code I guess:
INSERT
SELECT
UPDATE
DELETE
TRUNCATE
REFERENCES
TRIGGER
EXECUTE
USAGE
CREATE
CONNECT
There also seems to be a CREATE TEMP right, but I can't figure out the correct text to use in the makeaclitem-function.
I've found that a better approach (and I seem to remember this was taken from some queries built into psql, or maybe the information_schema views) is to use the has_*_privilege functions, and simply apply them to a set of all possible combinations of user and object. This will take account of having access to an object via some group role as well.
For example, this will show which users have which access to non-catalogue tables and views:
select usename, nspname || '.' || relname as relation,
case relkind when 'r' then 'TABLE' when 'v' then 'VIEW' end as relation_type,
priv
from pg_class join pg_namespace on pg_namespace.oid = pg_class.relnamespace,
pg_user,
(values('SELECT', 1),('INSERT', 2),('UPDATE', 3),('DELETE', 4)) privs(priv, privorder)
where relkind in ('r', 'v')
and has_table_privilege(pg_user.usesysid, pg_class.oid, priv)
and not (nspname ~ '^pg_' or nspname = 'information_schema')
order by 2, 1, 3, privorder;
The possible privileges are detailed in the description of the has_*_privilege functions at http://www.postgresql.org/docs/current/static/functions-info.html#FUNCTIONS-INFO-ACCESS-TABLE.
'CREATE TEMP' is a database-level privilege: it permits a user to use a pg_temp_* schema. It can be tested with has_database_privilege(useroid, datoid, 'TEMP').
Take a look at the "Access Privilege Inquiry Functions" and also the "GRANT" reference page.
Because Redshift is supporting values() only in INSERT INTO queries, the below query can be used with the obviously not-so-nice union all select.
select usename, nspname || '.' || relname as relation,
case relkind when 'r' then 'table' when 'v' then 'view' end as relation_type,
priv
from pg_class join pg_namespace on pg_namespace.oid = pg_class.relnamespace,
pg_user,
(select 'select' as priv,1 as privorder union all select 'insert',2 union all select 'update',3 union all select 'delete',4)
where relkind in ('r', 'v')
and has_table_privilege(pg_user.usesysid, pg_class.oid, priv)
and not (nspname ~ '^pg_' or nspname = 'information_schema')
order by 2, 1, 3, privorder;
Edit:
Also, I realized, that in our db Dataiku creates tables that can have CAPITAL letter in them, so, if table not exist error happens, you should use the lower() function