Skip to content

Inspect function privileges #44

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
michaelbeaumont wants to merge 2 commits into from
Closed

Inspect function privileges #44

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
68ef5d4
Inspect function privileges
michaelbeaumont Mar 9, 2020
16b0d84
Ignore function grants to db owner
michaelbeaumont Feb 13, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 16 additions & 1 deletion schemainspect/pg/sql/privileges.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,4 +13,19 @@ where grantee != (
)
-- SKIP_INTERNAL and table_schema not in ('pg_internal', 'pg_catalog', 'information_schema', 'pg_toast')
-- SKIP_INTERNAL and table_schema not like 'pg_temp_%' and table_schema not like 'pg_toast_temp_%'
order by schema, name, user;
union
select
routine_schema as schema,
routine_name as name,
'function' as object_type,
grantee as user,
privilege_type as privilege
from information_schema.role_routine_grants
where grantee != (
select datdba::regrole::text
from pg_database
where datname = current_database()
)
-- SKIP_INTERNAL and routine_schema not in ('pg_internal', 'pg_catalog', 'information_schema', 'pg_toast')
-- SKIP_INTERNAL and routine_schema not like 'pg_temp_%' and routine_schema not like 'pg_toast_temp_%'
order by schema, name, "user";
20 changes: 15 additions & 5 deletions tests/test_all.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -234,6 +234,14 @@ def setup_pg_schema(s):
s.execute("comment on table emptytable is 'emptytable comment'")
s.execute("create extension pg_trgm")
s.execute("create schema otherschema")
s.execute(
"""DO $$
BEGIN
CREATE ROLE testuser;
EXCEPTION WHEN duplicate_object THEN RAISE NOTICE '%, skipping', SQLERRM USING ERRCODE = SQLSTATE;
END
$$;"""
)
s.execute(
"""
CREATE TABLE films (
Expand Down Expand Up @@ -267,6 +275,7 @@ def setup_pg_schema(s):
)
as $$select 'a'::varchar, '2014-01-01'::date$$
language sql;
grant execute on function films_f(date, text, date) to testuser;
"""
)
s.execute("comment on function films_f(date, text, date) is 'films_f comment'")
Expand Down Expand Up @@ -446,13 +455,14 @@ def asserts_pg(i, has_timescale=False):
assert n("films_title_idx") in t.indexes

# privileges
g = InspectedPrivilege("table", "public", "films", "select", "postgres")
f_films_f = n("films_f")
g = InspectedPrivilege("function", "public", "films_f", "execute", "testuser")
g = i.privileges[g.key]
assert g.create_statement == 'grant select on table {} to "postgres";'.format(
t_films
assert g.create_statement == 'grant execute on function {} to "testuser";'.format(
f_films_f
)
assert g.drop_statement == 'revoke select on table {} from "postgres";'.format(
t_films
assert g.drop_statement == 'revoke execute on function {} from "testuser";'.format(
f_films_f
)

# composite types
Expand Down