PostgreSQL copy permissions from another table

我只是一个虾纸丫 提交于 2019-12-10 23:33:23

问题


Is it possible to copy the user permissions from one table in a PostgreSQL database to another table? Is it just a matter of updating the pg_class.relacl column value for the target table to the value for the source table, as in:

UPDATE pg_class
SET relacl=(SELECT relacl FROM pg_class WHERE relname='source_table')
WHERE relname='target_table';

This seems to work, but am I missing anything else that may need to be done or other 'gotchas' with this method?

Thanks in advance for any replies.


回答1:


If you can use command-line instead of SQL then a safer approach would be to use pg_dump:

pg_dump dbname -t oldtablename -s \
| egrep '^(GRANT|REVOKE)' \
| sed 's/oldtablename/newtablename/' \
| psql dbname

I assume a unix server. On Windows I'd use pg_dump -s to a file, manually edit it and then import it to a database.

Maybe you'll also need to copy permissions to sequences owned by this table - pg_dump will work.




回答2:


The pg_dump approach is nice and simple, however, it doesn't work with tables in other schemas, as the output doesn't qualify the table with schema name. Instead it generates:

SET search_path = foo, pg_catalog;
...
GRANT SELECT ON foo_table to foo_user;

and will fail to grant privileges to an nonexistent public.foo_table relation.

Also, if you have relations with the same name in different schemas, you need to ensure that you only rename the table in the specified schema. I began to hack a bash script base on the above to take care of this but it started to become a bit unwieldy, so I switched to perl.

Usage: transfer-acl old-qualified-relation=new-qualified-relation

e.g. transfer-acl foo.foo_table=foo.bar_table will apply the grants on foo.foo_table to the foo.bar_table. I didn't implement any REVOKE rewriting because I wasn't able to get a dump to emit any.

#! /usr/bin/perl

use strict;
use warnings;

my %rename = map {(split '=')} @ARGV;

open my $dump, '-|', qw(pg_dump customer -s), map {('-t', $_)} keys %rename
    or die "Cannot open pipe from pg_dump: $!\n";

my $schema = 'public';
while (<$dump>) {
    if (/^SET search_path = (\w+)/) {
        $schema = $1;
    }
    elsif (/^(GRANT .*? ON TABLE )(\w+)( TO (?:[^;]+);)$/) {
        my $fq_table = "$schema." . $2; # fully-qualified schema.table
        print "$1$rename{$fq_table}$3\n" if exists $rename{$fq_table};
    }
}

Pipe the results of this to psql and you're set.



来源:https://stackoverflow.com/questions/1822798/postgresql-copy-permissions-from-another-table

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!