从另一个表复制权限

发布于 2024-08-13 04:43:45 字数 275 浏览 9 评论 0原文

是否可以将用户权限从 PostgreSQL 数据库中的一个表复制到另一个表?是否只是将目标表的 pg_class.relacl 列值更新为源表的值,如下所示:

UPDATE pg_class
SET relacl=(SELECT relacl FROM pg_class WHERE relname='source_table')
WHERE relname='target_table';

这似乎可行,但我是否缺少其他可能需要的内容用这种方法可以完成还是有其他“陷阱”?

Is it possible to copy the user permissions from one table in a PostgreSQL database to another table? Is it just a matter of updating the pg_class.relacl column value for the target table to the value for the source table, as in:

UPDATE pg_class
SET relacl=(SELECT relacl FROM pg_class WHERE relname='source_table')
WHERE relname='target_table';

This seems to work, but am I missing anything else that may need to be done or other 'gotchas' with this method?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

绻影浮沉 2024-08-20 04:43:46

pg_dump 方法很好且简单,但是,它不适用于其他架构中的表,因为输出未使用架构名称限定表。相反,它会生成:

SET search_path = foo, pg_catalog;
...
GRANT SELECT ON foo_table to foo_user;

并且无法向不存在的 public.foo_table 关系授予权限。

此外,如果您在不同模式中具有相同名称的关系,则需要确保仅重命名指定模式中的表。我开始根据上面的内容编写一个 bash 脚本来解决这个问题,但它开始变得有点笨拙,所以我改用了 perl。

用法:transfer-acl old-qualified-relation=new-qualified-relation

例如 transfer-acl foo.foo_table=foo.bar_table 将在 foo 上应用授权.foo_tablefoo.bar_table。我没有实现任何 REVOKE 重写,因为我无法获取转储来发出任何内容。

#! /usr/bin/perl

use strict;
use warnings;

my %rename = map {(split '=')} @ARGV;

open my $dump, '-|', qw(pg_dump customer -s), map {('-t', $_)} keys %rename
    or die "Cannot open pipe from pg_dump: $!\n";

my $schema = 'public';
while (<$dump>) {
    if (/^SET search_path = (\w+)/) {
        $schema = $1;
    }
    elsif (/^(GRANT .*? ON TABLE )(\w+)( TO (?:[^;]+);)$/) {
        my $fq_table = "$schema." . $2; # fully-qualified schema.table
        print "$1$rename{$fq_table}$3\n" if exists $rename{$fq_table};
    }
}

将其结果通过管道传输到 psql 即可。

The pg_dump approach is nice and simple, however, it doesn't work with tables in other schemas, as the output doesn't qualify the table with schema name. Instead it generates:

SET search_path = foo, pg_catalog;
...
GRANT SELECT ON foo_table to foo_user;

and will fail to grant privileges to an nonexistent public.foo_table relation.

Also, if you have relations with the same name in different schemas, you need to ensure that you only rename the table in the specified schema. I began to hack a bash script base on the above to take care of this but it started to become a bit unwieldy, so I switched to perl.

Usage: transfer-acl old-qualified-relation=new-qualified-relation

e.g. transfer-acl foo.foo_table=foo.bar_table will apply the grants on foo.foo_table to the foo.bar_table. I didn't implement any REVOKE rewriting because I wasn't able to get a dump to emit any.

#! /usr/bin/perl

use strict;
use warnings;

my %rename = map {(split '=')} @ARGV;

open my $dump, '-|', qw(pg_dump customer -s), map {('-t', $_)} keys %rename
    or die "Cannot open pipe from pg_dump: $!\n";

my $schema = 'public';
while (<$dump>) {
    if (/^SET search_path = (\w+)/) {
        $schema = $1;
    }
    elsif (/^(GRANT .*? ON TABLE )(\w+)( TO (?:[^;]+);)$/) {
        my $fq_table = "$schema." . $2; # fully-qualified schema.table
        print "$1$rename{$fq_table}$3\n" if exists $rename{$fq_table};
    }
}

Pipe the results of this to psql and you're set.

吹梦到西洲 2024-08-20 04:43:45

如果您可以使用命令行而不是 SQL,那么更安全的方法是使用 pg_dump:

pg_dump dbname -t oldtablename -s \
| egrep '^(GRANT|REVOKE)' \
| sed 's/oldtablename/newtablename/' \
| psql dbname

我假设是 unix 服务器。在 Windows 上,我会对文件使用 pg_dump -s ,手动编辑它,然后将其导入数据库。

也许您还需要复制对此表所拥有的序列的权限 - pg_dump 将起作用。

If you can use command-line instead of SQL then a safer approach would be to use pg_dump:

pg_dump dbname -t oldtablename -s \
| egrep '^(GRANT|REVOKE)' \
| sed 's/oldtablename/newtablename/' \
| psql dbname

I assume a unix server. On Windows I'd use pg_dump -s to a file, manually edit it and then import it to a database.

Maybe you'll also need to copy permissions to sequences owned by this table - pg_dump will work.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文