Troubles querying information schema
PostgreSQL server 8.4
For a user with the "superuser" attribute, I can perform this query:
SELECT
ccu.table_name AS master_table, ccu.column_name AS master_column,
tc.table_name AS child_table, kcu.column_name AS child_column
FROM
information_schema.table_constraints AS tc
JOIN information_schema.key_column_usage AS kcu
ON tc.constraint_name = kcu.constraint_name
JOIN information_schema.constraint_column_usage AS ccu
ON ccu.constraint_name = tc.constraint_name
WHERE constraint_type = 'FOREIGN KEY'
ORDER BY master_table, master_column
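For a normal user, I get no error, but no results either.
What is the minimum privilege to allow a normal user to query the information schema: grant ... to ...?
I tried, without success: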
GRANT USAGE ON SCHEMA information_schema to user
and also
grant select on information_schema.constraint_column_usage to user
(and the other two used)
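You will only be able to see objects on which you have some privilege:
You cannot see other users' temporary objects.
You can see objects whose owner is a role you are a member of.
You can see an object if you have any privilege on the table or its columns.
To get around these restrictions, you can create a SECURITY DEFINER function that belongs to a superuser and runs the query for you.
Then revoke EXECUTE on that function from PUBLIC and grant it to the users that need it.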
CREATE FUNCTION info_schema_query()
RETURNS TABLE (
master_table information_schema.sql_identifier,
master_column information_schema.sql_identifier,
child_table information_schema.sql_identifier,
child_column information_schema.sql_identifier
)
LANGUAGE sql STABLE SECURITY DEFINER
SET search_path = information_schema
AS $$SELECT ...$$;
REVOKE EXECUTE ON FUNCTION info_schema_query() FROM PUBLIC;
GRANT EXECUTE ON FUNCTION info_schema_query() TO j_random_user;
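The pattern from the answer above written out in full, as an added example that is not the answer author's code: the function body is filled in from the question's query, the REVOKE and GRANT run in the same transaction as CREATE FUNCTION, and pg_temp is placed last in search_path. It assumes a superuser session and an existing role j_random_user; the constraint_schema join conditions, ORDER BY 1, 2 and the checks at the end are additions.

```sql
-- Added example. Run as a superuser; role j_random_user must already exist.
BEGIN;  -- single transaction: no committed state where PUBLIC can still EXECUTE

CREATE FUNCTION info_schema_query()
RETURNS TABLE (
    master_table  information_schema.sql_identifier,
    master_column information_schema.sql_identifier,
    child_table   information_schema.sql_identifier,
    child_column  information_schema.sql_identifier
)
LANGUAGE sql STABLE SECURITY DEFINER
-- pg_temp goes last so a caller's temporary objects cannot shadow
-- names resolved inside the definer-rights function.
SET search_path = information_schema, pg_temp
AS $$
    SELECT ccu.table_name, ccu.column_name,
           tc.table_name,  kcu.column_name
    FROM table_constraints AS tc
    JOIN key_column_usage AS kcu
      ON kcu.constraint_schema = tc.constraint_schema  -- addition: constraint names
     AND kcu.constraint_name   = tc.constraint_name    -- can repeat across schemas
    JOIN constraint_column_usage AS ccu
      ON ccu.constraint_schema = tc.constraint_schema
     AND ccu.constraint_name   = tc.constraint_name
    WHERE tc.constraint_type = 'FOREIGN KEY'
    ORDER BY 1, 2
$$;

REVOKE EXECUTE ON FUNCTION info_schema_query() FROM PUBLIC;
GRANT  EXECUTE ON FUNCTION info_schema_query() TO j_random_user;
COMMIT;

-- Check 1: the function is SECURITY DEFINER and its ACL names only the
-- owner and j_random_user (no entry with an empty grantee, i.e. PUBLIC).
SELECT proname, prosecdef, proacl
FROM pg_proc
WHERE proname = 'info_schema_query';

-- Check 2: the grantee holds EXECUTE.
SELECT has_function_privilege('j_random_user', 'info_schema_query()', 'EXECUTE');

-- Check 3: run it as the unprivileged role; rows now come back because the
-- body executes with the owner's privileges, not the caller's.
SET ROLE j_random_user;
SELECT * FROM info_schema_query();
RESET ROLE;
```

Anyone granted EXECUTE sees foreign-key metadata for every schema in the database, so grant it per role rather than to a broad group.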