Permission-related views (#10)

* Remove duplicate user model * Add base models * Add new views for permission management * Add num_columns to table_stats * Use quotes in full_object_name. Small tweaks to formatting
dbt-labs · Mar 10, 2018 · 01326ff · 01326ff
1 parent 71213a2
commit 01326ff
Show file tree

Hide file tree

Showing 6 changed files with 100 additions and 6 deletions.
diff --git a/models/base/pg_tables.sql b/models/base/pg_tables.sql
@@ -0,0 +1,9 @@
+select
+  schemaname as schema_name
+, tablename as table_name
+, tableowner as table_owner
+, tablespace as table_space
+, hasindexes as has_indexes
+, hasrules as has_rules
+, hastriggers as has_triggers
+from pg_tables
diff --git a/models/base/pg_views.sql b/models/base/pg_views.sql
@@ -0,0 +1,5 @@
+select
+  schemaname as schema_name
+, viewname as view_name
+, viewowner as view_owner
+from pg_views
diff --git a/models/base/users.sql b/models/base/users.sql
diff --git a/models/views/table_stats.sql b/models/views/table_stats.sql
@@ -33,6 +33,7 @@ with unsorted_by_table as (
   , min(sort_key) as sort_key
   , max(attsortkeyord) as num_sort_keys
   , (max(attencodingtype) > 0) as is_encoded
+  , max(attnum) as num_columns
   from {{ref('pg_attribute')}}
   group by 1
 
@@ -84,6 +85,7 @@ select
 , (table_attributes.sort_key is not null) as is_sorted
 , table_attributes.sort_key
 , table_attributes.num_sort_keys
+, table_attributes.num_columns
 
 , table_sizes.size_in_megabytes
 , {{percentage('table_sizes.size_in_megabytes',

diff --git a/models/views/users_schema_permissions.sql b/models/views/users_schema_permissions.sql
@@ -0,0 +1,38 @@
+with tables as (
+
+  select * from {{ref('pg_tables')}}
+
+), views as (
+
+  select * from {{ref('pg_views')}}
+
+), users as (
+
+  select * from {{ref('pg_user')}}
+
+), schemas as (
+
+  select
+  distinct(schema_name)
+  from tables
+  where schema_name not in ('pg_catalog', 'information_schema')
+
+  union
+
+  select
+  distinct(schema_name)
+  from views
+
+  where schema_name not in ('pg_catalog', 'information_schema')
+
+)
+
+
+select 
+  schemas.schema_name
+, users.username
+, has_schema_privilege(users.username, schemas.schema_name, 'usage') AS has_usage_privilege
+, has_schema_privilege(users.username, schemas.schema_name, 'create') AS has_create_privilege
+from schemas
+cross join users
+order by schemas.schema_name, users.username
diff --git a/models/views/users_table_view_permissions.sql b/models/views/users_table_view_permissions.sql
@@ -0,0 +1,46 @@
+with tables as (
+
+  select * from {{ref('pg_tables')}}
+
+), views as (
+
+  select * from {{ref('pg_views')}}
+
+), users as (
+
+  select * from {{ref('pg_user')}}
+
+), objects as (
+
+  select
+    schema_name
+  , 'table' as object_type
+  , table_name as object_name
+  , '"' || schema_name || '"."' || table_name || '"' as full_object_name
+  from tables
+  where schema_name not in ('pg_catalog', 'information_schema')
+
+  union
+
+  select
+    schema_name
+  , 'view' as object_type
+  , view_name as object_name
+  , '"' || schema_name || '"."' || view_name || '"' as full_object_name
+  from views
+  where schema_name not in ('pg_catalog', 'information_schema')
+
+)
+
+select 
+  objects.schema_name
+, objects.object_name
+, users.username
+, has_table_privilege(users.username, objects.full_object_name, 'select') as has_select_privilege
+, has_table_privilege(users.username, objects.full_object_name, 'insert') as has_insert_privilege
+, has_table_privilege(users.username, objects.full_object_name, 'update') as has_update_privilege
+, has_table_privilege(users.username, objects.full_object_name, 'delete') as has_delete_privilege
+, has_table_privilege(users.username, objects.full_object_name, 'references') as has_references_privilege
+from objects
+cross join users
+order by objects.full_object_name, users.username