Skip to content
This repository has been archived by the owner on Jan 17, 2025. It is now read-only.

"grant ALL on table.." grants more permissions than available in redshift_grant #62

Closed
mtesch-um opened this issue Mar 17, 2022 · 2 comments
Closed

"grant ALL on table.." grants more permissions than available in redshift_grant #62

mtesch-um opened this issue Mar 17, 2022 · 2 comments

Comments

@mtesch-um
Copy link
Contributor

mtesch-um commented Mar 17, 2022
edited
Loading

GRANT ALL ON TABLE xyz leaves the table with a permission string of =arwdRxtD/ whereas the currently allowed set of GRANT permissions ("SELECT", "UPDATE", "INSERT", "DELETE", "DROP", "REFERENCES") can only set the table permission string to =arwdxD/.

Maybe possible solutions are to add an ALL possibility, or to add the R and t permissions?

The RULE and TRIGGER permissions are undocumented, but they are needed for redshift's materialized views implementation. A user who does not have those permissions to a materialized view can not refresh the view. https://docs.aws.amazon.com/redshift/latest/dg/materialized-view-refresh-sql-command.html
@mtesch-um
Copy link
Contributor Author

Reference: https://github.com/awslabs/amazon-redshift-utils/blob/master/src/AdminViews/v_generate_user_grant_revoke_ddl.sql explicitly associates ALL with arwdRxtD, and 'R' with 'RULE' and 't' with 'TRIGGER'

@mtesch-um mtesch-um mentioned this issue Mar 18, 2022
Merged
@winglot
Copy link
Member

winglot commented Apr 20, 2022

The issue has been resolved in #63.

@winglot winglot closed this as completed Apr 20, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@winglot @mtesch-um