Query goal: | Find privileges to use views. Check as to whether it conforms to the principle of least privilege. Check that users that correspond to applications have all the necessary privileges. Users (applications) should use a database through virtual data layer. Thus, if they need to read data from a database, then they should use views. |
Query type: | General (Overview of some aspect of the database.) |
Query license: | MIT License |
Data source: | INFORMATION_SCHEMA+system catalog |
SQL query: | Click on query to copy it
SELECT tp.grantee, tp.table_schema AS view_schema, tp.table_name AS view_name, array_agg(tp.privilege_type::TEXT) AS privileges, Count(*) AS number_of_privileges FROM information_schema.table_privileges AS tp INNER JOIN information_schema.tables AS t ON t.table_schema=tp.table_schema AND t.table_name=tp.table_name WHERE t.table_type='VIEW' AND tp.table_schema NOT IN (SELECT schema_name FROM INFORMATION_SCHEMA.schemata WHERE schema_name<>'public' AND schema_owner='postgres' AND schema_name IS NOT NULL) AND grantee <> ALL (SELECT viewowner FROM pg_catalog.pg_views AS pv WHERE pv.schemaname=tp.table_schema AND pv.viewname=tp.table_name) GROUP BY tp.grantee, tp.table_schema, tp.table_name ORDER BY Count(*) DESC, grantee, tp.table_schema, tp.table_name; |
Collection name | Collection description |
---|---|
Find problems by overview | Queries that results point to different aspects of database that might have problems. A human reviewer has to decide based on the results as to whether there are problems or not . |
Category name | Category description |
---|---|
Derived tables | Queries of this category provide information about the derived tables (views, materialized views), which are used to implement virtual data layer. |
Security | Queries of this category provide information about the security measures. |
Reference |
---|
https://en.wikipedia.org/wiki/Principle_of_least_privilege |
https://www.postgresql.org/docs/current/ddl-priv.html |