when we provide access to Redshift schemas objects, we need to consider providing the access to future objects as well,so we need to grant "alter default privilege" for considering for future object.
Here is the script will check if the schema/user granted default privilege's for future object :
select pg_get_userbyid(d.defacluser) as user,
n.nspname as schema,
case d.defaclobjtype when 'r' then 'tables' when 'f' then 'functions' end
as object_type,
array_to_string(d.defaclacl, ' + ') as default_privileges
from pg_catalog.pg_default_acl d
left join pg_catalog.pg_namespace n on n.oid = d.defaclnamespace;
|user |schema |object_type|default_privileges |
|----------------------------|------------|-----------|-------------------------------------------------------------------|
|dbadmin_service12@domain.com|Appln_schema|tables |group OLAP1_redshift_readwrite_qa=arwd/"dbadmin_service@domain.com"|==> which means this user has update,select,insert,Delete privileges for future creating objects/tables
No comments:
Post a Comment