【发布时间】:2020-09-22 01:23:26
【问题描述】:
如果您想检查用户有权访问的角色,PostgreSQL 中没有简单的方法。在information_schema 中有关系enabled_roles 和applicable roles,但它们只提供current_user 的权限。那么我如何才能访问 any 用户的相同信息?
【问题讨论】:
标签: postgresql
【发布时间】:2020-09-22 01:23:26
【问题描述】:
诀窍是对系统目录关系pg_roles和pg_auth_members进行递归查询:
WITH RECURSIVE membership_tree(grpid, userid) AS (
-- Get all roles and list them as their own group as well
SELECT pg_roles.oid, pg_roles.oid
FROM pg_roles
UNION ALL
-- Now add all group membership
SELECT m_1.roleid, t_1.userid
FROM pg_auth_members m_1, membership_tree t_1
WHERE m_1.member = t_1.grpid
)
SELECT DISTINCT t.userid, r.rolname AS usrname, t.grpid, m.rolname AS grpname
FROM membership_tree t, pg_roles r, pg_roles m
WHERE t.grpid = m.oid AND t.userid = r.oid
ORDER BY r.rolname, m.rolname;
这提供了系统中具有所有继承角色成员资格的所有用户的视图。将其包装在视图中,以便始终使用此实用程序。
干杯, 帕特里克
【讨论】:
这非常有帮助,因为我正在寻找这类信息。调整上面的工作以包含一个级别来跟踪继承
WITH RECURSIVE membership_tree(grpid, userid, lvl) AS (
-- Get all roles and list them as their own group as well
SELECT
pg_roles.oid
, pg_roles.oid
, 0
FROM
pg_roles
UNION ALL
-- Now add all group membership
SELECT
m_1.roleid
, t_1.userid
, lvl + 1
FROM
pg_auth_members m_1
INNER JOIN
membership_tree t_1
ON
m_1.member = t_1.grpid
)
SELECT DISTINCT
t.userid
, r.rolname AS usrname
, t.grpid
, m.rolname AS grpname
, t.lvl
FROM
membership_tree t
INNER JOIN
pg_roles r
ON
t.userid = r.oid
INNER JOIN
pg_roles m
ON
t.grpid = m.oid
ORDER BY
r.rolname
, t.lvl
, m.rolname;
【讨论】: