I have looked into the documentation for GRANT Found here and I was trying to see if there is a built-in function that can let me look at what level of accessibility I have in databases. Of course there is:
\dp and \dp mytablename
But this does not show what my account has access to. I would like to see ALL the tables I have access to. Can anyone tell me if there is a command that can check my level of access in Postgres (whether I have SELECT, INSERT, DELETE, UPDATE privileges)? And if so, what would that command be?
You could query the table_privileges table in the information schema:
SELECT table_catalog, table_schema, table_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee = 'MY_USER'
For all users on a specific database, do the following:
# psql
\c your_database
select grantee, table_catalog, privilege_type, table_schema, table_name from information_schema.table_privileges order by grantee, table_schema, table_name;
Use this to list Grantee too and remove (PG_monitor and Public) for Postgres PaaS Azure.
SELECT grantee,table_catalog, table_schema, table_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee not in ('pg_monitor','PUBLIC');
Related
As the documentation said:
PUBLIC can be thought of as an implicitly defined group that always includes all roles. Any particular role will have the sum of privileges granted directly to it, privileges granted to any role it is presently a member of, and privileges granted to PUBLIC.
We can grant privileges for PUBLIC like this:
GRANT SELECT ON table_1 TO PUBLIC;
GRANT USAGE ON SCHEMA schema_1 TO PUBLIC;
GRANT EXECUTE ON FUNCTION func_1 TO PUBLIC;
If I want to revoke such public privileges, I should know the granted privilege list first. But I can't find a good way to get the list because PUBLIC is not a role, thus many builtin functions like has_table_privilege cannot be used.
Now I have found some tables in information_schema may help, but there are still some attributes like SCHEMA I cannot find a list for them.
How to get the PUBLIC's granted SCHEMA privilege list? Or is there a better way to get all the privileges?
-- get granted table and view privileges
SELECT table_schema, table_name, string_agg(privilege_type, ',') AS privileges
FROM information_schema.table_privileges
WHERE grantee='PUBLIC' AND table_schema NOT LIKE 'pg_%' AND table_schema != 'information_schema'
GROUP BY table_schema, table_name;
-- get granted function privileges
SELECT routine_schema, routine_name, string_agg(privilege_type, ',') AS privileges
FROM information_schema.routine_privileges
WHERE grantee='PUBLIC' AND routine_schema NOT LIKE 'pg_%' AND routine_schema != 'information_schema'
GROUP BY routine_schema, routine_name;
Privileges for a table are stored in pg_class.relacl which is an array of aclitem.
The content of such an aclitem is documented in the manual, specifically:
An empty grantee field in an aclitem stands for PUBLIC.
So to find all tables (or other objects) that have something granted to the public role, one needs to find entries where at least one aclitem starts with = ("empty grantee field")
There is a contains operator #> for aclitems that can be used to check for specific privileges. But
I couldn't find a way to specify an aclitem value that would search match all privileges granted to public (relacl #> '=*' doesn't seem to work in all cases).
So a workaround might be to simply convert the items to text and use a LIKE condition:
select c.relnamespace::regnamespace::text as table_schema,
c.relname as table_name,
c.relacl
from pg_class c
where relnamespace not in ('pg_catalog'::regnamespace, 'information_schema'::regnamespace)
and exists (select *
from unnest(c.relacl) as x(acl)
where x.acl::text like '=%')
This is a symptom of database and user names being different between my dev/staging/live environments, but is there a way to GRANT permissions to a user, determined by some kind of sub-query?
Something like this (not valid syntax):
GRANT UPDATE (my_column) ON my_table TO (SELECT CASE current_database()
WHEN 'account-dev' THEN 'c-app'
WHEN 'account-staging' THEN 'x-app'
WHEN 'account-live' THEN 'a-app'
END);
Use psql and its wonderful \gexec:
SELECT format(
'GRANT UPDATE (my_column) ON my_table TO %I;',
CASE current_database()
WHEN 'account-dev' THEN 'c-app'
WHEN 'account-staging' THEN 'x-app'
WHEN 'account-live' THEN 'a-app'
END
) \gexec
Alternatively, you can write a DO statement that uses EXECUTE to execute a dynamic statement constructed as above.
I am using a postgresql.
My goal is that grant option should be granted by role
According to Recommendation document said that I have to remove 'public' grantee
When I typed
SELECT grantee, privilege_type
FROM information_schema.role_table_grants
group by grantee, privilege_type;
I got a screenshot what I have done.
To sum up, I want to hide these 2 marked lines. or try not to show up in that query sentence.
what should I do?
p.s I already had used:
revoke update, select on information_schema.role_table_grants from public;
but nothing changed!
Is there any query available to list all tables in my Postgres DB.
I tried out one query like:
SELECT table_name FROM information_schema.tables
WHERE table_schema='public'
But this query returns views also.
How can i get only table names only, not views?
What bout this query (based on the description from manual)?
SELECT table_name
FROM information_schema.tables
WHERE table_schema='public'
AND table_type='BASE TABLE';
If you want list of database
SELECT datname FROM pg_database WHERE datistemplate = false;
If you want list of tables from current pg installation of all databases
SELECT table_schema,table_name FROM information_schema.tables
ORDER BY table_schema,table_name;
Open up the postgres terminal with the databse you would like:
psql dbname (run this line in a terminal)
then, run this command in the postgres environment
\d
This will describe all tables by name. Basically a list of tables by name ascending.
Then you can try this to describe a table by fields:
\d tablename.
Hope this helps.
Try this:
SELECT table_name
FROM information_schema.tables
WHERE table_schema='public' AND table_type='BASE TABLE'
this one works!
SELECT table_name
FROM information_schema.tables
WHERE table_type='BASE TABLE'
AND table_schema='public';
For MySQL you would need table_schema='dbName' and for MSSQL remove that condition.
Notice that "only those tables and views are shown that the current user has access to". Also, if you have access to many databases and want to limit the result to a certain database, you can achieve that by adding condition AND table_catalog='yourDatabase' (in PostgreSQL).
If you'd also like to get rid of the header showing row names and footer showing row count, you could either start the psql with command line option -t (short for --tuples-only) or you can toggle the setting in psql's command line by \t (short for \pset tuples_only). This could be useful for example when piping output to another command with \g [ |command ].
How about giving just \dt in psql? See https://www.postgresql.org/docs/current/static/app-psql.html.
select
relname as table
from
pg_stat_user_tables
where schemaname = 'public'
This will not work if track_activities is disabled
select
tablename as table
from
pg_tables
where schemaname = 'public'
Read more about pg_tables
Where can I find created temporary table in posgresql folders? If I do select * from temp_table; then I got result, but cannot see it structure of my database in the PgAdmin?
Temporary tables get put into a schema called "pg_temp_NNN", where "NNN" indicates which server backend you're connected to. This is implicitly added to your search path in the session that creates them.
Note that you can't access one connection's temp tables via another connection... so depending on how exactly pgAdmin organises its connections, even being able to find the tables in the object explorer might not be useful.
Here is one way to get the name of the pg_temp_nnn schema for your session:
select distinct 'pg_temp_'||sess_id from pg_stat_activity where procpid = pg_backend_pid()
This will identify the session that is running that SQL statement itself, and returns the session id that it is running under.
You can then use this to list all your temporary tables:
select *
from information_schema.tables
where table_schema =
( select distinct 'pg_temp_'||sess_id
from pg_stat_activity
where procpid = pg_backend_pid()
)
Or to get the table structure:
select *
from information_schema.columns
where table_schema =
( select distinct 'pg_temp_'||sess_id
from pg_stat_activity
where procpid = pg_backend_pid()
)
and table_name = 'my_temp_table'
order by ordinal_position