PostgreSQL: How to view privileges info across all databases

Updated: January 5, 2024 By: Guest Contributor Post a comment

Table Of Contents

1 Introduction

2 Checking User Privileges

3 Database-Wide Privileges

4 List All User Privileges

5 Using pg_catalog.pg_namespace

6 Database Roles and Membership

7 Advanced Queries

8 Automating the Audit

9 Viewing with PgAdmin or other tools

10 Conclusion

Introduction

Understanding user privileges is crucial for PostgreSQL database security and management. This tutorial guides you through the process of viewing privilege information across all the databases in a PostgreSQL instance.

Checking User Privileges

Every role in PostgreSQL can be granted privileges to perform various operations on the database objects. To check the privileges for a particular user, you can use the following SQL query:

SELECT * FROM information_schema.role_table_grants WHERE grantee = 'username';

This will list all the table-level privileges granted to the user `username`.

Database-Wide Privileges

To view database-wide privileges, we can utilize the `pg_database` catalog along with privilege info:

SELECT datname, datacl FROM pg_database;

The `datacl` column contains access control lists (ACLs) showing user privileges for each database.

List All User Privileges

In order to see the privileges for all users, you can run:

SELECT grantee, privilege_type FROM information_schema.role_table_grants;

This gives you a comprehensive list of who can do what on which table.

Using pg_catalog.pg_namespace

For schema-level privileges, you might want to check the `pg_namespace`:

SELECT nspname, nspacl FROM pg_catalog.pg_namespace;

This shows privileges on schema level given to users.

Database Roles and Membership

To understand which roles a user has and their memberships within groups, execute:

SELECT rolname, member, admin_option FROM pg_auth_members JOIN pg_roles ON (pg_roles.oid=roleid) WHERE member = (SELECT oid FROM pg_roles WHERE rolname = 'username');

Replace `username` with the appropriate role name to retrieve this information.

Advanced Queries

More advanced users may wish to combine several catalog tables for detailed insights. As an example:

SELECT grantee, table_schema, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee IN (SELECT rolname FROM pg_roles);

This query will display privileges by joining on role names from `pg_roles`.

Automating the Audit

For regular audits, you can create a function to encapsulate your queries:

CREATE OR REPLACE FUNCTION audit_privileges()
RETURNS TABLE(grantee text, privilege_type text, ...) AS $func$
BEGIN
RETURN QUERY
SELECT grantee, privilege_type, ... FROM information_schema.role_table_grants;
END;
$func$ LANGUAGE plpgsql;

After creating the function, simply run:

SELECT * FROM audit_privileges();

for a formatted output.

Viewing with PgAdmin or other tools

Many PostgreSQL database management tools like PgAdmin provide GUI interfaces to examine and manage privileges. Navigate to the respective database object, right click and select ‘Properties’ or ‘Privileges’ to view the permissions through a graphical interface.

Conclusion

A thorough understanding of the privilege system in PostgreSQL is essential for maintaining a secure data environment. Analysis of privileges should be included as a part of your regular database audit. The SQL examples provided offer a foothold into monitoring and reviewing access controls within your PostgreSQL databases.

Next Article: How to set up PostgreSQL and pgAdmin on Mac

Previous Article: PostgreSQL: How to add a calculated column in SELECT query

Series: PostgreSQL Tutorials: From Basic to Advanced

PostgreSQL