This page provides information about the privileges held by roles.
Roles can be granted to roles. This page recurses through all the roles granted to every role, and so shows, for each role, both the privileges granted directly to the role, and also all the roles, and their privileges, which provide privileges to the role.
Note this page is slow, as it must create and populate a couple of temp tables, to work around limmitations inherent in the Redshift system tables.
Name | Type |
---|---|
role_id | int8 |
role | varchar |
granted_role_id | int8 |
granted role | varchar |
priv_access_system_table | bool |
priv_alter_datashare | bool |
priv_alter_default_privileges | bool |
priv_alter_materialized_view_row_level_security | bool |
priv_alter_table | bool |
priv_alter_table_enable_row_level_security | bool |
priv_alter_user | bool |
priv_analyze | bool |
priv_attach_rls_policy | bool |
priv_cancel | bool |
priv_create_datashare | bool |
priv_create_library | bool |
priv_create_or_replace_external_function | bool |
priv_create_or_replace_function | bool |
priv_create_or_replace_stored_procedures | bool |
priv_create_or_replace_view | bool |
priv_create_rls_policy | bool |
priv_create_role | bool |
priv_create_schema | bool |
priv_create_table | bool |
priv_create_user | bool |
priv_detach_rls_policy | bool |
priv_drop_datashare | bool |
priv_drop_function | bool |
priv_drop_library | bool |
priv_drop_model | bool |
priv_drop_procedure | bool |
priv_drop_rls_policy | bool |
priv_drop_role | bool |
priv_drop_schema | bool |
priv_drop_table | bool |
priv_drop_user | bool |
priv_drop_view | bool |
priv_explain_rls | bool |
priv_grant_role | bool |
priv_ignore_rls | bool |
priv_system_create_model | bool |
priv_truncate_table | bool |
priv_vacuum | bool |
The role ID.
The role name.
This column can be NULL
. When this column is
NULL
, the priv_
columns show the
cumulative privileges for role_id
.
When this column is not NULL
, and specifies a role ID,
the specified role ID is a role which has been granted to
role_id
, and the priv_
columns show the
privileges for this specified role ID only.
This column can be NULL
. When this column is
NULL
, the priv_
columns show the
cumulative privileges for role_id
.
When this column is not NULL
, and specifies a role name,
the specified role name is a role which has been granted to
role_id
, and the priv_
columns show the
privileges for this specified role name only.
This column is true
if the role holds the
access system table
privilege, false
otherwise.
This privilege is not documented in the GRANT
syntax.
This column is true
if the role holds the
alter datashare
privilege, false
otherwise.
This column is true
if the role holds the
alter default privileges
privilege, false
otherwise.
This column is true
if the role holds the
alter materialized view row level security
privilege,
false
otherwise.
This privilege is not documented in the GRANT
syntax.
This column is true
if the role holds the
alter table
privilege, false
otherwise.
This column is true
if the role holds the
alter table enable row level security
privilege,
false
otherwise.
This column is true
if the role holds the
alter user
privilege, false
otherwise.
This column is true
if the role holds the
analyze
privilege, false
otherwise.
This column is true
if the role holds the
attach rls policy
privilege, false
otherwise.
This privilege is not documented in the GRANT
syntax.
This column is true
if the role holds the
cancel
privilege, false
otherwise.
This column is true
if the role holds the
create datashare
privilege, false
otherwise.
This column is true
if the role holds the
create library
privilege, false
otherwise.
This column is true
if the role holds the
create or replace external function
privilege,
false
otherwise.
This column is true
if the role holds the
create or replace function
privilege, false
otherwise.
This column is true
if the role holds the
create or replace stored procedures
privilege,
false
otherwise.
This privilege is documented in the GRANT
syntax, but
the name there is create or replace procedure
.
This column is true
if the role holds the
create or replace view
privilege, false
otherwise.
This column is true
if the role holds the
create rls policy
privilege, false
otherwise.
This privilege is not documented in the GRANT
syntax.
This column is true
if the role holds the
create role
privilege, false
otherwise.
This column is true
if the role holds the
create schema
privilege, false
otherwise.
This column is true
if the role holds the
create table
privilege, false
otherwise.
This column is true
if the role holds the
create user
privilege, false
otherwise.
This column is true
if the role holds the
detach rls policy
privilege, false
otherwise.
This privilege is not documented in the GRANT
syntax.
This column is true
if the role holds the
drop datashare
privilege, false
otherwise.
This column is true
if the role holds the
drop function
privilege, false
otherwise.
This column is true
if the role holds the
drop library
privilege, false
otherwise.
This column is true
if the role holds the
drop model
privilege, false
otherwise.
This column is true
if the role holds the
drop procedure
privilege, false
otherwise.
This column is true
if the role holds the
drop rls policy
privilege, false
otherwise.
This privilege is not documented in the GRANT
syntax.
This column is true
if the role holds the
drop role
privilege, false
otherwise.
This column is true
if the role holds the
drop schema
privilege, false
otherwise.
This column is true
if the role holds the
drop table
privilege, false
otherwise.
This column is true
if the role holds the
drop user
privilege, false
otherwise.
This column is true
if the role holds the
drop view
privilege, false
otherwise.
This column is true
if the role holds the
explain rls
privilege, false
otherwise.
This column is true
if the role holds the
grant role
privilege, false
otherwise.
This privilege is not documented in the GRANT
syntax.
This column is true
if the role holds the
ignore rls
privilege, false
otherwise.
This column is true
if the role holds the
system create model
privilege, false
otherwise.
This privilege is not documented in the GRANT
syntax.
This column is true
if the role holds the
truncate table
privilege, false
otherwise.
This column is true
if the role holds the
vacuum
privilege, false
otherwise.