Roles (privs) v1

Description

This page provides information about the privileges held by roles.

Roles can be granted to roles. This page recurses through all the roles granted to each role, and so shows, for each role, both the privileges granted directly to that role and also every role, with its privileges, which provides privileges to that role.

Note that this page is slow, as it must create and populate a couple of temp tables to work around limitations inherent in the Redshift system tables.
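The recursion described above, modelled in Python as an added example (not this page's own query): it walks role-to-role grants and emits one cumulative row per role (granted role NULL, here None) plus one row per granted role, then uses those rows to find privileges a role holds only by inheritance. The role names and grants are constructed sample data, the helper names are hypothetical, and it assumes a non-NULL row carries only the granted role's directly held privileges.

```python
from collections import deque

# Constructed sample data: hypothetical role names, not from a real cluster.
ROLE_GRANTS = {                 # role -> roles granted directly to it
    "etl": ["analyst", "loader"],
    "analyst": ["reader"],
    "loader": ["reader"],       # "reader" is reachable from "etl" by two paths
}
DIRECT_PRIVS = {                # role -> privileges granted directly to it
    "etl": {"vacuum"},
    "analyst": {"explain_rls"},
    "loader": {"create_table", "truncate_table"},
    "reader": {"ignore_rls"},
}

def granted_roles(role):
    """Every role reachable from `role` through role-to-role grants, once each."""
    seen, queue = [], deque(ROLE_GRANTS.get(role, []))
    while queue:
        r = queue.popleft()
        if r == role or r in seen:      # skip repeats from multiple grant paths
            continue
        seen.append(r)
        queue.extend(ROLE_GRANTS.get(r, []))
    return seen

def rows_for(role):
    """Rows as (role, granted_role, privileges); granted_role None = cumulative."""
    cumulative = set(DIRECT_PRIVS.get(role, set()))
    per_role = []
    for g in granted_roles(role):
        own = DIRECT_PRIVS.get(g, set())    # assumption: that role's direct privs
        cumulative |= own
        per_role.append((role, g, frozenset(own)))
    return [(role, None, frozenset(cumulative))] + per_role

def inherited_only(role, priv):
    """Granted roles supplying `priv` when `role` does not hold it directly."""
    if priv in DIRECT_PRIVS.get(role, set()):
        return []
    return [g for _, g, p in rows_for(role) if g is not None and priv in p]

if __name__ == "__main__":
    for r, g, p in rows_for("etl"):
        print(r, g, sorted(p))
    print("ignore_rls reaches etl via:", inherited_only("etl", "ignore_rls"))
```

An audit for a sensitive privilege such as ignore rls has to read the cumulative row, because the role's own direct grants alone would not reveal it.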

Columns

Name Type
role_id int8
role varchar
granted_role_id int8
granted role varchar
priv_access_system_table bool
priv_alter_datashare bool
priv_alter_default_privileges bool
priv_alter_materialized_view_row_level_security bool
priv_alter_table bool
priv_alter_table_enable_row_level_security bool
priv_alter_user bool
priv_analyze bool
priv_attach_rls_policy bool
priv_cancel bool
priv_create_datashare bool
priv_create_library bool
priv_create_or_replace_external_function bool
priv_create_or_replace_function bool
priv_create_or_replace_stored_procedures bool
priv_create_or_replace_view bool
priv_create_rls_policy bool
priv_create_role bool
priv_create_schema bool
priv_create_table bool
priv_create_user bool
priv_detach_rls_policy bool
priv_drop_datashare bool
priv_drop_function bool
priv_drop_library bool
priv_drop_model bool
priv_drop_procedure bool
priv_drop_rls_policy bool
priv_drop_role bool
priv_drop_schema bool
priv_drop_table bool
priv_drop_user bool
priv_drop_view bool
priv_explain_rls bool
priv_grant_role bool
priv_ignore_rls bool
priv_system_create_model bool
priv_truncate_table bool
priv_vacuum bool

Column Descriptions

role_id

The role ID.

role

The role name.

granted_role_id

This column can be NULL. When this column is NULL, the priv_ columns show the cumulative privileges for role_id.

When this column is not NULL, and specifies a role ID, the specified role ID is a role which has been granted to role_id, and the priv_ columns show the privileges for this specified role ID only.

granted role

This column can be NULL. When this column is NULL, the priv_ columns show the cumulative privileges for role_id.

When this column is not NULL, and specifies a role name, the specified role name is a role which has been granted to role_id, and the priv_ columns show the privileges for this specified role name only.

priv_access_system_table

This column is true if the role holds the access system table privilege, false otherwise.

This privilege is not documented in the GRANT syntax.

priv_alter_datashare

This column is true if the role holds the alter datashare privilege, false otherwise.

priv_alter_default_privileges

This column is true if the role holds the alter default privileges privilege, false otherwise.

priv_alter_materialized_view_row_level_security

This column is true if the role holds the alter materialized view row level security privilege, false otherwise.

This privilege is not documented in the GRANT syntax.

priv_alter_table

This column is true if the role holds the alter table privilege, false otherwise.

priv_alter_table_enable_row_level_security

This column is true if the role holds the alter table enable row level security privilege, false otherwise.

priv_alter_user

This column is true if the role holds the alter user privilege, false otherwise.

priv_analyze

This column is true if the role holds the analyze privilege, false otherwise.

priv_attach_rls_policy

This column is true if the role holds the attach rls policy privilege, false otherwise.

This privilege is not documented in the GRANT syntax.

priv_cancel

This column is true if the role holds the cancel privilege, false otherwise.

priv_create_datashare

This column is true if the role holds the create datashare privilege, false otherwise.

priv_create_library

This column is true if the role holds the create library privilege, false otherwise.

priv_create_or_replace_external_function

This column is true if the role holds the create or replace external function privilege, false otherwise.

priv_create_or_replace_function

This column is true if the role holds the create or replace function privilege, false otherwise.

priv_create_or_replace_stored_procedures

This column is true if the role holds the create or replace stored procedures privilege, false otherwise.

This privilege is documented in the GRANT syntax, but the name there is create or replace procedure.

priv_create_or_replace_view

This column is true if the role holds the create or replace view privilege, false otherwise.

priv_create_rls_policy

This column is true if the role holds the create rls policy privilege, false otherwise.

This privilege is not documented in the GRANT syntax.

priv_create_role

This column is true if the role holds the create role privilege, false otherwise.

priv_create_schema

This column is true if the role holds the create schema privilege, false otherwise.

priv_create_table

This column is true if the role holds the create table privilege, false otherwise.

priv_create_user

This column is true if the role holds the create user privilege, false otherwise.

priv_detach_rls_policy

This column is true if the role holds the detach rls policy privilege, false otherwise.

This privilege is not documented in the GRANT syntax.

priv_drop_datashare

This column is true if the role holds the drop datashare privilege, false otherwise.

priv_drop_function

This column is true if the role holds the drop function privilege, false otherwise.

priv_drop_library

This column is true if the role holds the drop library privilege, false otherwise.

priv_drop_model

This column is true if the role holds the drop model privilege, false otherwise.

priv_drop_procedure

This column is true if the role holds the drop procedure privilege, false otherwise.

priv_drop_rls_policy

This column is true if the role holds the drop rls policy privilege, false otherwise.

This privilege is not documented in the GRANT syntax.

priv_drop_role

This column is true if the role holds the drop role privilege, false otherwise.

priv_drop_schema

This column is true if the role holds the drop schema privilege, false otherwise.

priv_drop_table

This column is true if the role holds the drop table privilege, false otherwise.

priv_drop_user

This column is true if the role holds the drop user privilege, false otherwise.

priv_drop_view

This column is true if the role holds the drop view privilege, false otherwise.

priv_explain_rls

This column is true if the role holds the explain rls privilege, false otherwise.

priv_grant_role

This column is true if the role holds the grant role privilege, false otherwise.

This privilege is not documented in the GRANT syntax.

priv_ignore_rls

This column is true if the role holds the ignore rls privilege, false otherwise.

priv_system_create_model

This column is true if the role holds the system create model privilege, false otherwise.

This privilege is not documented in the GRANT syntax.

priv_truncate_table

This column is true if the role holds the truncate table privilege, false otherwise.

priv_vacuum

This column is true if the role holds the vacuum privilege, false otherwise.