GaussDB(DWS)运维 -- 可视化权限视图
【摘要】 本文通过解析系统表提供一个易读的对象权限视图
DWS有比较完善的权限管理体系,但是权限信息一般存储在各个对象系统表的acl字段,这些字段可读性比较差,本文通过解析系统表提供一个易读的对象权限视图
CREATE OR REPLACE VIEW public.dfm_object_acl AS
WITH RECURSIVE role_rec AS(
WITH r AS(
SELECT * FROM pg_roles
)
SELECT
r1.rolname AS rolname,
r2.rolname AS member,
quote_ident(r1.rolname) || '->' || quote_ident(r2.rolname) AS member_list,
quote_ident(r3.rolname) AS grantor,
1 AS level
FROM pg_auth_members m
INNER JOIN r r1 ON r1.oid = m.roleid
INNER JOIN r r2 ON r2.oid = m.member
INNER JOIN r r3 ON r3.oid = m.grantor
UNION ALL
SELECT
c.rolname AS rolname,
r2.rolname AS member,
c.member_list || '->' || quote_ident(r2.rolname) AS member_list,
c.grantor || '->' || quote_ident(r3.rolname) AS grantor,
level + 1 AS level
FROM pg_auth_members m
INNER JOIN r r1 ON r1.oid = m.roleid
INNER JOIN r r2 ON r2.oid = m.member
INNER JOIN r r3 ON r3.oid = m.grantor
INNER JOIN role_rec c ON r1.rolname = c.member
),
m_list AS(
SELECT
rolname, string_agg(member_list, E'\n') AS member_list, string_agg(grantor, E'\n') AS grantor
FROM (
SELECT
*, rank() OVER(PARTITION BY rolname ORDER BY level DESC) AS rn
FROM role_rec
)
WHERE rn = 1
GROUP BY rolname
)
SELECT
objtype,
o.rolname AS objowner,
objectschema AS objschema,
objectname AS objname,
subobjectname AS subobjname,
g1.rolname AS grantor,
g2.rolname AS grantee,
privilege,
grantable,
(SELECT string_agg(member_list, E'\t') FROM m_list m WHERE o.rolname <> g1.rolname AND strpos(member_list, o.rolname) = 1 AND g1.rolname::text = any(string_to_array(member_list, '->'))) AS acl_transfer,
CASE WHEN objtype IN ('database') THEN
'REVOKE ' || privilege || ' ON DATABASE ' || quote_ident(objectname) || ' FROM ' || quote_ident(g2.rolname) || ';'
WHEN objtype IN ('nodegroup') THEN
'REVOKE ' || privilege || ' ON NODE GROUP ' || quote_ident(objectname) || ' FROM ' || quote_ident(g2.rolname) || ';'
WHEN objtype IN ('tablespace') THEN
'REVOKE ' || privilege || ' ON TABLESPACE ' || quote_ident(objectname) || ' FROM ' || quote_ident(g2.rolname) || ';'
WHEN objtype IN ('directory') THEN
'REVOKE ' || privilege || ' ON DIRECTORY ' || quote_ident(objectname) || ' FROM ' || quote_ident(g2.rolname) || ';'
WHEN objtype IN ('language') THEN
'REVOKE ' || privilege || ' ON LANGUAGE ' || quote_ident(objectname) || ' FROM ' || quote_ident(g2.rolname) || ';'
WHEN objtype IN ('foreign data wrapper') THEN
'REVOKE ' || privilege || ' ON FOREIGN DATA WRAPPER ' || quote_ident(objectname) || ' FROM ' || quote_ident(g2.rolname) || ';'
WHEN objtype IN ('foreign server') THEN
'REVOKE ' || privilege || ' ON FOREIGN SERVER ' || quote_ident(objectname) || ' FROM ' || quote_ident(g2.rolname) || ';'
WHEN objtype IN ('template') THEN
'REVOKE ' || privilege || ' ON TEMPLATE ' || quote_ident(objectname) || ' FROM ' || quote_ident(g2.rolname) || ';'
WHEN objtype IN ('extension data source') THEN
'REVOKE ' || privilege || ' ON EXTENSION DATA SOURCE ' || quote_ident(objectname) || ' FROM ' || quote_ident(g2.rolname) || ';'
WHEN objtype IN ('namespace') THEN
'REVOKE ' || privilege || ' ON SCHEMA ' || quote_ident(objectschema) || ' FROM ' || quote_ident(g2.rolname) || ';'
WHEN objtype = 'attribute' THEN
'REVOKE ' || privilege || '(' || quote_ident(subobjname) ||')'|| ' ON TABLE ' || quote_ident(objectschema) || '.' || quote_ident(objectname) || ' FROM ' || quote_ident(g2.rolname) || ';'
WHEN objtype = 'function' THEN
'REVOKE ' || privilege || ' ON FUNCTION ' || quote_ident(objectschema) || '.' || quote_ident(objectname) || '('||pg_get_function_arguments(objoid)||')' || ' FROM ' || quote_ident(g2.rolname) || ';'
WHEN objtype = 'type' THEN
'REVOKE ' || privilege || ' ON TYPE ' || quote_ident(objectschema) || '.' || quote_ident(objectname) || ' FROM ' || quote_ident(g2.rolname) || ';'
WHEN objtype IN ('table', 'view', 'sequence', 'foreign table') THEN
'REVOKE ' || privilege || ' ON TABLE ' || quote_ident(objectschema) || '.' || quote_ident(objectname) || ' FROM ' || quote_ident(g2.rolname) || ';'
WHEN objtype IN ('default') THEN
'ALTER DEFAULT PRIVILEGES FOR USER ' || quote_ident(g1.rolname) ||
CASE WHEN objschema IS NOT NULL THEN ' IN SCHEMA ' || objschema END
|| ' REVOKE ' || privilege || ' ON ' || objectname || ' FROM ' || quote_ident(g2.rolname) || ';'
WHEN objtype IN ('role') THEN
'REVOKE ' || objname || ' FROM ' || quote_ident(g2.rolname) || ';'
END AS revoke_acl,
CASE WHEN objtype IN ('database') THEN
'GRANT ' || privilege || ' ON DATABASE ' || quote_ident(objectname) || ' TO ' || quote_ident(g2.rolname) || CASE WHEN grantable THEN 'WITH GRANT OPTION' END || ';'
WHEN objtype IN ('nodegroup') THEN
'GRANT ' || privilege || ' ON NODE GROUP ' || quote_ident(objectname) || ' TO ' || quote_ident(g2.rolname) || CASE WHEN grantable THEN 'WITH GRANT OPTION' END || ';'
WHEN objtype IN ('tablespace') THEN
'GRANT ' || privilege || ' ON TABLESPACE ' || quote_ident(objectname) || ' TO ' || quote_ident(g2.rolname) || CASE WHEN grantable THEN 'WITH GRANT OPTION' END || ';'
WHEN objtype IN ('directory') THEN
'GRANT ' || privilege || ' ON DIRECTORY ' || quote_ident(objectname) || ' TO ' || quote_ident(g2.rolname) || CASE WHEN grantable THEN 'WITH GRANT OPTION' END || ';'
WHEN objtype IN ('language') THEN
'GRANT ' || privilege || ' ON LANGUAGE ' || quote_ident(objectname) || ' TO ' || quote_ident(g2.rolname) || CASE WHEN grantable THEN 'WITH GRANT OPTION' END || ';'
WHEN objtype IN ('foreign data wrapper') THEN
'GRANT ' || privilege || ' ON FOREIGN DATA WRAPPER ' || quote_ident(objectname) || ' TO ' || quote_ident(g2.rolname) || CASE WHEN grantable THEN 'WITH GRANT OPTION' END || ';'
WHEN objtype IN ('foreign server') THEN
'GRANT ' || privilege || ' ON FOREIGN SERVER ' || quote_ident(objectname) || ' TO ' || quote_ident(g2.rolname) || CASE WHEN grantable THEN 'WITH GRANT OPTION' END || ';'
WHEN objtype IN ('template') THEN
'GRANT ' || privilege || ' ON TEMPLATE ' || quote_ident(objectname) || ' TO ' || quote_ident(g2.rolname) || CASE WHEN grantable THEN 'WITH GRANT OPTION' END || ';'
WHEN objtype IN ('extension data source') THEN
'GRANT ' || privilege || ' ON EXTENSION DATA SOURCE ' || quote_ident(objectname) || ' TO ' || quote_ident(g2.rolname) || CASE WHEN grantable THEN 'WITH GRANT OPTION' END || ';'
WHEN objtype IN ('namespace') THEN
'GRANT ' || privilege || ' ON SCHEMA ' || quote_ident(objectschema) || ' TO ' || quote_ident(g2.rolname) || CASE WHEN grantable THEN 'WITH GRANT OPTION' END || ';'
WHEN objtype = 'attribute' THEN
'GRANT ' || privilege || '(' || quote_ident(subobjname) ||')'|| ' ON TABLE ' || quote_ident(objectschema) || '.' || quote_ident(objectname) || ' TO ' || quote_ident(g2.rolname) || CASE WHEN grantable THEN 'WITH GRANT OPTION' END || ';'
WHEN objtype = 'function' THEN
'GRANT ' || privilege || ' ON FUNCTION ' || quote_ident(objectschema) || '.' || quote_ident(objectname) || '('||pg_get_function_arguments(objoid)||')' || ' TO ' || quote_ident(g2.rolname) || CASE WHEN grantable THEN 'WITH GRANT OPTION' END || ';'
WHEN objtype = 'type' THEN
'GRANT ' || privilege || ' ON TYPE ' || quote_ident(objectschema) || '.' || quote_ident(objectname) || ' TO ' || quote_ident(g2.rolname) || CASE WHEN grantable THEN 'WITH GRANT OPTION' END || ';'
WHEN objtype IN ('table', 'view', 'sequence', 'foreign table') THEN
'GRANT ' || privilege || ' ON TABLE ' || quote_ident(objectschema) || '.' || quote_ident(objectname) || ' TO ' || quote_ident(g2.rolname) || CASE WHEN grantable THEN ' WITH GRANT OPTION' END || ';'
WHEN objtype IN ('default') THEN
'ALTER DEFAULT PRIVILEGES FOR USER ' || quote_ident(g1.rolname) ||
CASE WHEN objschema IS NOT NULL THEN ' IN SCHEMA ' || objschema END
|| ' GRANT ' || privilege || ' ON ' || objectname || ' TO ' || quote_ident(g2.rolname) || ';'
WHEN objtype IN ('role') THEN
'GRANT ' || objname || ' TO ' || quote_ident(g2.rolname) || CASE WHEN grantable THEN ' WITH ADMIN OPTION' END || ';'
END AS grant_acl
FROM (
SELECT
objoid, objtype, owneroid, objectschema, objectname, subobjectname,
grantor, grantee, privilege, grantable
FROM (SELECT
objoid, objtype, owneroid, objectschema, objectname, subobjectname,
(info).grantor AS grantor,
(info).grantee AS grantee,
(info).privilege_type AS privilege,
(info).is_grantable AS grantable
FROM (
SELECT
objoid, objtype, owneroid, n.nspname as objectschema, objectname, subobjectname, aclexplode(objacl) AS info
FROM (
SELECT oid AS objoid, 'function' AS objtype, proowner AS owneroid, pronamespace AS nspoid, proname as objectname, NULL AS subobjectname, proacl AS objacl
FROM pg_proc
UNION ALL
SELECT oid AS objoid, 'type' AS objtype, typowner AS owneroid, typnamespace AS nspoid, typname as objectname, NULL AS subobjectname, typacl
FROM pg_type
UNION ALL
SELECT 0 AS objoid, 'attribute' AS objtype, relowner AS owneroid, c.relnamespace AS nspoid, c.relname as objectname, attname AS subobjectname, attacl
FROM pg_attribute a
INNER JOIN pg_class c ON c.oid = a.attrelid
WHERE relkind IN ('v', 'r', 'f')
AND (reloptions IS NULL OR reloptions::text NOT LIKE '%internal_mask%')
UNION ALL
SELECT 0 AS objoid,
CASE relkind WHEN 'r' THEN 'table'
WHEN 'v' THEN 'view'
WHEN 'S' THEN 'sequence'
WHEN 'f' THEN 'foreign table'
END AS objtype,
relowner AS owneroid,
relnamespace AS nspoid, relname as objectname, NULL AS subobjectname, relacl
FROM pg_class
WHERE relkind IN ('v', 'r', 'S', 'f')
AND (reloptions IS NULL OR reloptions::text NOT LIKE '%internal_mask%')
UNION ALL
SELECT oid AS objoid, 'namespace' AS objtype, nspowner AS owneroid, oid AS nspoid, NULL as objectname, NULL AS subobjectname, nspacl
FROM pg_namespace
UNION ALL
SELECT oid AS objoid, 'database' AS objtype, datdba AS owneroid, NULL AS nspoid, datname as objectname, NULL AS subobjectname, datacl
FROM pg_database
UNION ALL
SELECT oid AS objoid, 'nodegroup' AS objtype, NULL AS owneroid, NULL AS nspoid, group_name as objectname, NULL AS subobjectname, group_acl
FROM pgxc_group
UNION ALL
SELECT oid AS objoid, 'tablespace' AS objtype, spcowner AS owneroid, NULL AS nspoid, spcname as objectname, NULL AS subobjectname, spcacl
FROM pg_tablespace
UNION ALL
SELECT oid AS objoid, 'directory' AS objtype, owner AS owneroid, NULL AS nspoid, dirname as objectname, NULL AS subobjectname, diracl
FROM pg_directory d
UNION ALL
SELECT oid AS objoid, 'language' AS objtype, lanowner AS owneroid, NULL AS nspoid, lanname as objectname, NULL AS subobjectname, lanacl
FROM pg_language l
UNION ALL
SELECT oid AS objoid, 'foreign data wrapper' AS objtype, fdwowner AS owneroid, NULL AS nspoid, fdwname as objectname, NULL AS subobjectname, fdwacl
FROM pg_foreign_data_wrapper fdw
UNION ALL
SELECT oid AS objoid, 'foreign server' AS objtype, srvowner AS owneroid, NULL AS nspoid, srvname as objectname, NULL AS subobjectname, srvacl
FROM pg_foreign_server fs
UNION ALL
SELECT 0 AS objoid, 'template' AS objtype, NULL AS owneroid, NULL AS nspoid, tmplname as objectname, NULL AS subobjectname, tmplacl
FROM pg_pltemplate fs
UNION ALL
SELECT oid AS objoid, 'extension data source' AS objtype, srcowner AS owneroid, NULL AS nspoid, srcname as objectname, NULL AS subobjectname, srcacl
FROM pg_extension_data_source
UNION ALL
SELECT oid AS objoid, 'default' AS objtype, NULL AS owneroid, d.defaclnamespace AS nspoid,
CASE WHEN defaclobjtype = 'r' THEN 'TABLES'
WHEN defaclobjtype = 'S' THEN 'SEQUENCES'
WHEN defaclobjtype = 'f' THEN 'FUNCTIONS'
WHEN defaclobjtype = 'T' THEN 'TYPES'
END AS objectname,
NULL AS subobjectname, defaclacl
FROM pg_default_acl d
) o
LEFT JOIN pg_namespace n ON n.oid = o.nspoid
WHERE objacl IS NOT NULL
AND (o.nspoid IS NULL OR o.nspoid NOT IN (99, 100, 3988, 11))
AND (objectschema IS NULL OR (objectschema NOT IN ('information_schema','dbms_job','dbms_output','dbms_random','utl_raw','dbms_lob', 'dbms_sql', 'sys', 'utl_file') AND objectschema NOT LIKE 'pg_temp%'))
) t
) t
UNION ALL
SELECT 0 AS objoid,
'role' AS objtype,
NULL AS owneroid,
NULL AS objectschema,
a1.rolname as objectname,
NULL AS subobjectname,
d.grantor AS grantor,
d.member AS grantee,
NULl AS privilege,
admin_option AS grantable
FROM pg_auth_members d
INNER JOIN pg_roles a1 ON a1.oid = d.roleid
) a
LEFT JOIN pg_roles o ON o.oid = a.owneroid
LEFT JOIN pg_roles g1 ON g1.oid = a.grantor
LEFT JOIN (SELECT oid, rolname AS rolname FROM pg_roles
UNION ALL
SELECT 0::oid AS oid, 'public'::name AS rolname
) g2 ON g2.oid = a.grantee
WHERE 1 = 1
;视图字段解析
| 字段名称 | 字段解析 |
| objtype |
对象类型,当前支持的类型有database,nodegroup,tablespace,directory,language,foreign data wrapper,foreign server,template,extension data source,namespace,attribute,function,type,role,default,table, view, sequence, foreign table 其中default是指通过ALTER DEFAULT PRIVILEGES语法赋的权限 |
| objowner | 对象的owner |
| objschema | 对象的schema |
| objname | 对象的名称 |
| subobjname | 对象的子名称,只有当对象类型为attribute的时候,此字段才有意义 |
| grantor | 赋权用户,一般为对象的owner |
| grantee | 赋权的目标用户,如果名称为public,则含义和GRANT语句中的public含义一样,表示此权限是赋予所有用户的 |
| privilege | 权限类型,和指定对象类型的GRANT语句中的权限信息一致 |
| grantable | 表示此权限是否可以由grantee再赋给其它用户 |
| acl_transfer | 权限传递链表 |
|
revoke_acl |
权限撤销语句 |
| grant_acl | 权限赋予语句 |
比如查询表public.x的权限信息
SELECT * FROM dfm_object_acl WHERE objtype = 'table' AND objschema= 's' AND objname='x';
objtype | objowner | objschema | objname | subobjname | grantor | grantee | privilege | grantable | acl_transfer | revoke_acl | grant_acl
---------+-----------+-----------+---------+------------+-----------+-----------+------------+-----------+----------------+------------------------------------------------+---------------------------------------------------------
table | j00xxxxxx | s | x | | j00xxxxxx | j00xxxxxx | INSERT | f | | REVOKE INSERT ON TABLE s.x FROM j00xxxxxx; | GRANT INSERT ON TABLE s.x TO j00xxxxxx;
table | j00xxxxxx | s | x | | j00xxxxxx | j00xxxxxx | SELECT | f | | REVOKE SELECT ON TABLE s.x FROM j00xxxxxx; | GRANT SELECT ON TABLE s.x TO j00xxxxxx;
table | j00xxxxxx | s | x | | j00xxxxxx | j00xxxxxx | UPDATE | f | | REVOKE UPDATE ON TABLE s.x FROM j00xxxxxx; | GRANT UPDATE ON TABLE s.x TO j00xxxxxx;
table | j00xxxxxx | s | x | | j00xxxxxx | j00xxxxxx | DELETE | f | | REVOKE DELETE ON TABLE s.x FROM j00xxxxxx; | GRANT DELETE ON TABLE s.x TO j00xxxxxx;
table | j00xxxxxx | s | x | | j00xxxxxx | j00xxxxxx | TRUNCATE | f | | REVOKE TRUNCATE ON TABLE s.x FROM j00xxxxxx; | GRANT TRUNCATE ON TABLE s.x TO j00xxxxxx;
table | j00xxxxxx | s | x | | j00xxxxxx | j00xxxxxx | REFERENCES | f | | REVOKE REFERENCES ON TABLE s.x FROM j00xxxxxx; | GRANT REFERENCES ON TABLE s.x TO j00xxxxxx;
table | j00xxxxxx | s | x | | j00xxxxxx | j00xxxxxx | TRIGGER | f | | REVOKE TRIGGER ON TABLE s.x FROM j00xxxxxx; | GRANT TRIGGER ON TABLE s.x TO j00xxxxxx;
table | j00xxxxxx | s | x | | j00xxxxxx | j00xxxxxx | ANALYZE | f | | REVOKE ANALYZE ON TABLE s.x FROM j00xxxxxx; | GRANT ANALYZE ON TABLE s.x TO j00xxxxxx;
table | j00xxxxxx | s | x | | j00xxxxxx | j00xxxxxx | VACUUM | f | | REVOKE VACUUM ON TABLE s.x FROM j00xxxxxx; | GRANT VACUUM ON TABLE s.x TO j00xxxxxx;
table | j00xxxxxx | s | x | | j00xxxxxx | j00xxxxxx | ALTER | f | | REVOKE ALTER ON TABLE s.x FROM j00xxxxxx; | GRANT ALTER ON TABLE s.x TO j00xxxxxx;
table | j00xxxxxx | s | x | | j00xxxxxx | j00xxxxxx | DROP | f | | REVOKE DROP ON TABLE s.x FROM j00xxxxxx; | GRANT DROP ON TABLE s.x TO j00xxxxxx;
table | j00xxxxxx | s | x | | j00xxxxxx | dfm | INSERT | t | | REVOKE INSERT ON TABLE s.x FROM dfm; | GRANT INSERT ON TABLE s.x TO dfm WITH GRANT OPTION;
table | j00xxxxxx | s | x | | j00xxxxxx | dfm | SELECT | t | | REVOKE SELECT ON TABLE s.x FROM dfm; | GRANT SELECT ON TABLE s.x TO dfm WITH GRANT OPTION;
table | j00xxxxxx | s | x | | j00xxxxxx | dfm | UPDATE | t | | REVOKE UPDATE ON TABLE s.x FROM dfm; | GRANT UPDATE ON TABLE s.x TO dfm WITH GRANT OPTION;
table | j00xxxxxx | s | x | | j00xxxxxx | dfm | DELETE | t | | REVOKE DELETE ON TABLE s.x FROM dfm; | GRANT DELETE ON TABLE s.x TO dfm WITH GRANT OPTION;
table | j00xxxxxx | s | x | | j00xxxxxx | dfm | TRUNCATE | t | | REVOKE TRUNCATE ON TABLE s.x FROM dfm; | GRANT TRUNCATE ON TABLE s.x TO dfm WITH GRANT OPTION;
table | j00xxxxxx | s | x | | j00xxxxxx | dfm | REFERENCES | t | | REVOKE REFERENCES ON TABLE s.x FROM dfm; | GRANT REFERENCES ON TABLE s.x TO dfm WITH GRANT OPTION;
table | j00xxxxxx | s | x | | j00xxxxxx | dfm | TRIGGER | t | | REVOKE TRIGGER ON TABLE s.x FROM dfm; | GRANT TRIGGER ON TABLE s.x TO dfm WITH GRANT OPTION;
table | j00xxxxxx | s | x | | j00xxxxxx | dfm | ANALYZE | t | | REVOKE ANALYZE ON TABLE s.x FROM dfm; | GRANT ANALYZE ON TABLE s.x TO dfm WITH GRANT OPTION;
table | j00xxxxxx | s | x | | j00xxxxxx | dfm | VACUUM | t | | REVOKE VACUUM ON TABLE s.x FROM dfm; | GRANT VACUUM ON TABLE s.x TO dfm WITH GRANT OPTION;
table | j00xxxxxx | s | x | | j00xxxxxx | dfm | ALTER | t | | REVOKE ALTER ON TABLE s.x FROM dfm; | GRANT ALTER ON TABLE s.x TO dfm WITH GRANT OPTION;
table | j00xxxxxx | s | x | | j00xxxxxx | dfm | DROP | t | | REVOKE DROP ON TABLE s.x FROM dfm; | GRANT DROP ON TABLE s.x TO dfm WITH GRANT OPTION;
table | j00xxxxxx | s | x | | dfm | u1 | INSERT | f | j00xxxxxx->dfm | REVOKE INSERT ON TABLE s.x FROM u1; | GRANT INSERT ON TABLE s.x TO u1;
table | j00xxxxxx | s | x | | dfm | u1 | SELECT | f | j00xxxxxx->dfm | REVOKE SELECT ON TABLE s.x FROM u1; | GRANT SELECT ON TABLE s.x TO u1;
table | j00xxxxxx | s | x | | dfm | u1 | UPDATE | f | j00xxxxxx->dfm | REVOKE UPDATE ON TABLE s.x FROM u1; | GRANT UPDATE ON TABLE s.x TO u1;
table | j00xxxxxx | s | x | | dfm | u1 | DELETE | f | j00xxxxxx->dfm | REVOKE DELETE ON TABLE s.x FROM u1; | GRANT DELETE ON TABLE s.x TO u1;
table | j00xxxxxx | s | x | | dfm | u1 | TRUNCATE | f | j00xxxxxx->dfm | REVOKE TRUNCATE ON TABLE s.x FROM u1; | GRANT TRUNCATE ON TABLE s.x TO u1;
table | j00xxxxxx | s | x | | dfm | u1 | REFERENCES | f | j00xxxxxx->dfm | REVOKE REFERENCES ON TABLE s.x FROM u1; | GRANT REFERENCES ON TABLE s.x TO u1;
table | j00xxxxxx | s | x | | dfm | u1 | TRIGGER | f | j00xxxxxx->dfm | REVOKE TRIGGER ON TABLE s.x FROM u1; | GRANT TRIGGER ON TABLE s.x TO u1;
table | j00xxxxxx | s | x | | dfm | u1 | ANALYZE | f | j00xxxxxx->dfm | REVOKE ANALYZE ON TABLE s.x FROM u1; | GRANT ANALYZE ON TABLE s.x TO u1;
table | j00xxxxxx | s | x | | dfm | u1 | VACUUM | f | j00xxxxxx->dfm | REVOKE VACUUM ON TABLE s.x FROM u1; | GRANT VACUUM ON TABLE s.x TO u1;
table | j00xxxxxx | s | x | | dfm | u1 | ALTER | f | j00xxxxxx->dfm | REVOKE ALTER ON TABLE s.x FROM u1; | GRANT ALTER ON TABLE s.x TO u1;
table | j00xxxxxx | s | x | | dfm | u1 | DROP | f | j00xxxxxx->dfm | REVOKE DROP ON TABLE s.x FROM u1; | GRANT DROP ON TABLE s.x TO u1;
(33 rows)
acl_transfer字段j00xxxxxx->dfm表示用户dfm的权限是从用户j00xxxxxx继承过来
【版权声明】本文为华为云社区用户原创内容,转载时必须标注文章的来源(华为云社区)、文章链接、文章作者等基本信息, 否则作者和本社区有权追究责任。如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容,举报邮箱:
cloudbbs@huaweicloud.com
- 点赞
- 收藏
- 关注作者
评论(0)