Published on

Postgres - how to see all users on a DB and their table access

Authors

Today I had to build up an access matrix to see who could access a DB and what tables in particular they could access.

This can be done as follows:

See All Users

SELECT *
FROM pg_catalog.pg_user u
ORDER BY u.usename ASC;

See How Role Assignments Were Setup

SELECT r.rolname,
       r.rolsuper,
       r.rolinherit,
       r.rolcreaterole,
       r.rolcreatedb,
       r.rolcanlogin,
       r.rolconnlimit,
       r.rolvaliduntil,
       ARRAY(SELECT b.rolname
             FROM pg_catalog.pg_auth_members m
                      JOIN pg_catalog.pg_roles b ON (m.roleid = b.oid)
             WHERE m.member = r.oid) as memberof
        ,
       r.rolreplication
        ,
       r.rolbypassrls
FROM pg_catalog.pg_roles r
ORDER BY 1;

See Who Can Do What on Which Tables

select g.table_name,
       g.grantee       as "username",
       g.privilege_type,
       g.table_catalog as "database"
from information_schema.role_table_grants g
where g.grantor <> g.grantee
order by g.table_name asc;