HomeMogDBMogDB StackUqbar
v3.1

Documentation:v3.1

Supported Versions:

Other Versions:

Access Privilege Inquiry Function

The DDL permissions, including ALTER, DROP, COMMENT, INDEX and VACUUM, are inherent permissions implicitly owned by the owner.

  • has_any_column_privilege(user, table, privilege)

    Description: Queries whether a specified user has permission for any column of table.

    Table 1 Parameter type description

    Parameter Valid Input Parameter Type
    user name, oid
    table text, oid
    privilege text

    Return type: Boolean

  • has_any_column_privilege(table, privilege)

    Description: Queries whether the current user has permission to access any column of table. For details about the valid parameter types, see Table 1.

    Return type: Boolean

    has_any_column_privilege checks whether a user can access any column of a table in a particular way. Its parameter possibilities are analogous to has_table_privilege, except that the desired access permission type must be some combination of SELECT, INSERT, UPDATE, COMMENT or REFERENCES.

    img NOTE: Note that having any of these permissions at the table level implicitly grants it for each column of the table, so has_any_column_privilege will always return true if has_table_privilege does for the same parameters. But has_any_column_privilege also succeeds if there is a column-level grant of the permission for at least one column.

  • has_column_privilege(user, table, column, privilege)

    Description: Specifies whether a specified user has permission for columns.

    Table 2 Parameter type description

    Parameter Valid Input Parameter Type
    user name, oid
    table text, oid
    column text, smallint
    privilege text

    Return type: Boolean

  • has_column_privilege(table, column, privilege)

    Description: Specifies whether the current user has permission to access columns. For details about the valid parameter types, see Table 2.

    Return type: Boolean

    has_column_privilege checks whether a user can access a column in a particular way. Its argument possibilities are analogous to has_table_privilege, with the addition that the column can be specified either by name or attribute number. The desired access permission type must evaluate to some combination of SELECT, INSERT, UPDATE, COMMENT or REFERENCES.

    img NOTE: Note that having any of these permissions at the table level implicitly grants it for each column of the table.

  • has_cek_privilege(user, cek, privilege)

    Description: Specifies whether a specified user has permission for CEKs. The parameters are described as follows:

    Table 3 Parameter type description

    Parameter Valid Input Parameter Type Description Range
    user name, oid User User name or ID
    cek text, oid Column encryption key Name or ID of a CEK.
    privilege text Permission USAGE: allows users to use the specified CEK.DROP: allows users to delete the specified CEK.

    Return type: Boolean

  • has_cmk_privilege(user, cmk, privilege)

    Description: Specifies whether a specified user has permission for CMKs. The parameters are described as follows:

    Table 4 Parameter type description

    Parameter Valid Input Parameter Type Description Range
    user name, oid User User name or ID
    cmk text, oid CMK Name or ID of the CMK
    privilege text Permission USAGE: allows users to use the specified CMK.DROP: allows users to delete the specified CMK.

    Return type: Boolean

  • has_database_privilege(user, database, privilege)

    Description: Specifies whether a specified user has permission for databases. The parameters are described as follows:

    Table 5 Parameter type description

    Parameter Valid Input Parameter Type
    user name, oid
    database text, oid
    privilege text

    Return type: Boolean

  • has_database_privilege(database, privilege)

    Description: Specifies whether the current user has permission to access a database. For details about the valid parameter types, see Table 5.

    Return type: Boolean

    Note: has_database_privilege checks whether a user can access a database in a particular way. Its argument possibilities are analogous to has_table_privilege. The desired access permission type must be some combination of CREATE, CONNECT, TEMPORARY, ALTER, DROP, COMMENT or TEMP (which is equivalent to TEMPORARY).

  • has_directory_privilege(user, directory, privilege)

    Description: Specifies whether a specified user has permission for directories.

    Table 6 Parameter type description

    Parameter Valid Input Parameter Type
    user name, oid
    directory text, oid
    privilege text

    Return type: Boolean

  • has_directory_privilege(directory, privilege)

    Description: Specifies whether the current user has permission to access a directory. For details about the valid parameter types, see Table 6.

    Return type: Boolean

  • has_foreign_data_wrapper_privilege(user, fdw, privilege)

    Description: Specifies whether a specified user has permission for foreign-data wrappers.

    Table 7 Parameter type description

    Parameter Valid Input Parameter Type
    user name, oid
    fdw text, oid
    privilege text

    Return type: Boolean

  • has_foreign_data_wrapper_privilege(fdw, privilege)

    Description: Specifies whether the current user has permission for foreign-data wrappers. For details about the valid parameter types, see Table 7.

    Return type: Boolean

    Note: has_foreign_data_wrapper_privilege checks whether a user can access a foreign-data wrapper in a particular way. Its argument possibilities are analogous to has_table_privilege. The desired access permission type must evaluate to USAGE.

  • has_function_privilege(user, function, privilege)

    Description: Specifies whether a specified user has permission for functions.

    Table 8 Parameter type description

    Parameter Valid Input Parameter Type
    user name, oid
    function text, oid
    privilege text

    Return type: Boolean

  • has_function_privilege(function, privilege)

    Description: Specifies whether the current user has permission for functions. For details about the valid parameter types, see Table 8.

    Return type: Boolean

    Note: has_function_privilege checks whether a user can access a function in a particular way. Its argument possibilities are analogous to has_table_privilege. When a function is specified by a text string rather than by OID, the allowed input is the same as that for the regprocedure data type (see OID Types). The access permission type must be EXECUTE, ALTER, DROP, or COMMENT.

  • has_language_privilege(user, language, privilege)

    Description: Specifies whether a specified user has permission for languages.

    Table 9 Parameter type description

    Parameter Valid Input Parameter Type
    user name, oid
    language text, oid
    privilege text

    Return type: Boolean

  • has_language_privilege(language, privilege)

    Description: Specifies whether the current user has permission for languages. For details about the valid parameter types, see Table 9.

    Return type: Boolean

    Note: has_language_privilege checks whether a user can access a procedural language in a particular way. Its argument possibilities are analogous to has_table_privilege. The desired access permission type must evaluate to USAGE.

  • has_nodegroup_privilege(user, nodegroup, privilege)

    Description: Checks whether a user has permission to access a database node.

    Return type: Boolean

    Table 10 Parameter type description

    Parameter Valid Input Parameter Type
    user name, oid
    nodegroup text, oid
    privilege text
  • has_nodegroup_privilege(nodegroup, privilege)

    Description: Checks whether a user has permission to access a database node. The parameter is similar to has_table_privilege. The access permission type must be USAGE, CREATE, COMPUTE, ALTER, or CROP.

    Return type: Boolean

  • has_schema_privilege(user, schema, privilege)

    Description: Specifies whether a specified user has permission for schemas.

    Return type: Boolean

  • has_schema_privilege(schema, privilege)

    Description: Specifies whether the current user has permission for schemas.

    Return type: Boolean

    Note: has_schema_privilege checks whether a user can access a schema in a particular way. Its argument possibilities are analogous to has_table_privilege. The desired access permission type must be some combination of CREATE, USAGE, ALTER, DROP or COMMENT.

  • has_server_privilege(user, server, privilege)

    Description: Specifies whether a specified user has permission for foreign servers.

    Return type: Boolean

  • has_server_privilege(server, privilege)

    Description: Specifies whether the current user has permission for foreign servers.

    Return type: Boolean

    Note: has_server_privilege checks whether a user can access a foreign server in a particular way. Its argument possibilities are analogous to has_table_privilege. The access permission type must be USAGE, ALTER, DROP, or COMMENT.

  • has_table_privilege(user, table, privilege)

    Description: Specifies whether a specified user has permission for tables.

    Return type: Boolean

  • has_table_privilege(table, privilege)

    Description: Specifies whether the current user has permission for tables.

    Return type: Boolean

    has_table_privilege checks whether a user can access a table in a particular way. The user can be specified by name, by OID (pg_authid.oid), public to indicate the PUBLIC pseudo-role, or if the argument is omitted current_user is assumed. The table can be specified by name or by OID. When it is specified by name, the name can be schema-qualified if necessary. The desired access permission type is specified by a text string, which must be one of the values SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, ALTER, DROP, COMMENT, INDEX or VACUUM. Optionally, WITH GRANT OPTION can be added to a permission type to test whether the permission is held with grant option. Also, multiple permission types can be listed separated by commas, in which case the result will be true if any of the listed permissions is held.

    Example:

    MogDB=# SELECT has_table_privilege('tpcds.web_site', 'select');
     has_table_privilege
    ---------------------
     t
    (1 row)
    
    MogDB=# SELECT has_table_privilege('omm', 'tpcds.web_site', 'select,INSERT WITH GRANT OPTION ');
     has_table_privilege
    ---------------------
     t
    (1 row)
  • has_tablespace_privilege(user, tablespace, privilege)

    Description: Specifies whether a specified user has permission for tablespaces.

    Return type: Boolean

  • has_tablespace_privilege(tablespace, privilege)

    Description: Specifies whether the current user has permission for tablespaces.

    Return type: Boolean

    Note: has_tablespace_privilege checks whether a user can access a tablespace in a particular way. Its argument possibilities are analogous to has_table_privilege. The access permission type must be CREATE, ALTER, DROP, or COMMENT.

  • pg_has_role(user, role, privilege)

    Description: Specifies whether a specified user has permission for roles.

    Return type: Boolean

  • pg_has_role(role, privilege)

    Description: Specifies whether the current user has permission for roles.

    Return type: Boolean

    Note: pg_has_role checks whether a user can access a role in a particular way. Its argument possibilities are analogous to has_table_privilege, except that public is not allowed as a user name. The desired access permission type must evaluate to some combination of MEMBER or USAGE. MEMBER denotes direct or indirect membership in the role (that is, the right to do SET ROLE), while USAGE denotes the permissions of the role are available without doing SET ROLE.

  • has_any_privilege(user, privilege)

    Description: Queries whether a specified user has certain ANY permission. If multiple permissions are queried at the same time, true is returned as long as one permission is obtained.

    Return type: Boolean

    Table 11 Parameter type description

    Parameter Valid Input Parameter Type Description Range
    user name User An existing user name.
    privilege text ANY permission Available values:
    CREATE ANY TABLE [WITH ADMIN OPTION]
    ALTER ANY TABLE [WITH ADMIN OPTION]
    DROP ANY TABLE [WITH ADMIN OPTION]
    SELECT ANY TABLE [WITH ADMIN OPTION]
    INSERT ANY TABLE [WITH ADMIN OPTION]
    UPDATE ANY TABLE [WITH ADMIN OPTION]
    DELETE ANY TABLE [WITH ADMIN OPTION]
    CREATE ANY SEQUENCE [WITH ADMIN OPTION]
    CREATE ANY INDEX [WITH ADMIN OPTION]
    CREATE ANY FUNCTION [WITH ADMIN OPTION]
    EXECUTE ANY FUNCTION [WITH ADMIN OPTION]
    CREATE ANY PACKAGE [WITH ADMIN OPTION]
    EXECUTE ANY PACKAGE [WITH ADMIN OPTION]
    CREATE ANY TYPE [WITH ADMIN OPTION]
Copyright © 2011-2024 www.enmotech.com All rights reserved.