How to get all roles that a user is a member of (including inherited roles)?PostgreSQL, display role...
How can I handle players killing my NPC outside of combat?
What's the reason that we have different quantities of days each month?
How do I fight with Heavy Armor as a Wizard with Tenser's Transformation?
Renting a 2CV in France
Coworker is trying to get me to sign his petition to run for office. How to decline politely?
Did ancient Germans take pride in leaving the land untouched?
Can I use a single resistor for multiple LED with different +ve sources?
Why is Shelob considered evil?
Why don't you get burned by the wood benches in a sauna?
Does Plato's "Ring of Gyges" have a corrupting influence on its wearer?
How do I avoid the "chosen hero" feeling?
Players preemptively rolling, even though their rolls are useless or are checking the wrong skills
Using time travel without creating plot holes
Why does a single AND gate need 60 transistors?
What could cause an entire planet of humans to become aphasic?
When does a person lose diplomatic status?
Connecting to SMTP server from AWS Lambda
Multiple null checks in Java 8
Select all columns except geometry using virtual layers
Using Ansible, how can I take actions on each file in a specific location?
How can I keep my gold safe from other PCs?
Why do single electrical receptacles exist?
What does an unprocessed RAW file look like?
Running away from a conflict
How to get all roles that a user is a member of (including inherited roles)?
PostgreSQL, display role membersRow level security in PostgreSQL for different groupsHow to control access security in databaseComma List vs Multiple RecordsMultiple user roles with different attributespostgres: “alter default privileges” issueIs there a way to give GRANT OPTION recursively for subsets of permissions?Problem granting user privileges via roles in Oracle 12cSetting up a simple “permissions architecture” in PostgreSQLWhy shouldn't user-defined database roles be members of fixed roles?MySQL privileges for roles aren't applying to users?How to switch session role securely?
Let's say I have two Postgresql database groups, "authors" and "editors", and two users, "maxwell" and "ernest".
create role authors;
create role editors;
create user maxwell;
create user ernest;
grant authors to editors; --editors can do what authors can do
grant editors to maxwell; --maxwell is an editor
grant authors to ernest; --ernest is an author
I would like to write a performant function that returns a list of the roles (preferably their oid's) that maxwell belongs to, something like this:
create or replace function get_all_roles() returns oid[] ...
It should return the oids for maxwell, authors, and editors (but not ernest).
But I am not sure how to do it when there is inheritance.
postgresql users role postgresql-9.3 access-control
asked Jan 3 '14 at 22:07
Neil McGuiganNeil McGuigan
5,52932344
add a comment |
Let's say I have two Postgresql database groups, "authors" and "editors", and two users, "maxwell" and "ernest".
create role authors;
create role editors;
create user maxwell;
create user ernest;
grant authors to editors; --editors can do what authors can do
grant editors to maxwell; --maxwell is an editor
grant authors to ernest; --ernest is an author
I would like to write a performant function that returns a list of the roles (preferably their oid's) that maxwell belongs to, something like this:
create or replace function get_all_roles() returns oid[] ...
It should return the oids for maxwell, authors, and editors (but not ernest).
But I am not sure how to do it when there is inheritance.
postgresql users role postgresql-9.3 access-control
asked Jan 3 '14 at 22:07
Neil McGuiganNeil McGuigan
5,52932344
add a comment |
Let's say I have two Postgresql database groups, "authors" and "editors", and two users, "maxwell" and "ernest".
create role authors;
create role editors;
create user maxwell;
create user ernest;
grant authors to editors; --editors can do what authors can do
grant editors to maxwell; --maxwell is an editor
grant authors to ernest; --ernest is an author
I would like to write a performant function that returns a list of the roles (preferably their oid's) that maxwell belongs to, something like this:
create or replace function get_all_roles() returns oid[] ...
It should return the oids for maxwell, authors, and editors (but not ernest).
But I am not sure how to do it when there is inheritance.
postgresql users role postgresql-9.3 access-control
asked Jan 3 '14 at 22:07
Neil McGuiganNeil McGuigan
5,52932344
Let's say I have two Postgresql database groups, "authors" and "editors", and two users, "maxwell" and "ernest".
create role authors;
create role editors;
create user maxwell;
create user ernest;
grant authors to editors; --editors can do what authors can do
grant editors to maxwell; --maxwell is an editor
grant authors to ernest; --ernest is an author
I would like to write a performant function that returns a list of the roles (preferably their oid's) that maxwell belongs to, something like this:
create or replace function get_all_roles() returns oid[] ...
It should return the oids for maxwell, authors, and editors (but not ernest).
But I am not sure how to do it when there is inheritance.
postgresql users role postgresql-9.3 access-control
postgresql users role postgresql-9.3 access-control
asked Jan 3 '14 at 22:07
Neil McGuiganNeil McGuigan
5,52932344
asked Jan 3 '14 at 22:07
Neil McGuiganNeil McGuigan
5,52932344
edited Jan 3 '14 at 23:27
Neil McGuigan
asked Jan 3 '14 at 22:07
Neil McGuiganNeil McGuigan
5,52932344
asked Jan 3 '14 at 22:07
Neil McGuiganNeil McGuigan
5,52932344
asked Jan 3 '14 at 22:07
Neil McGuiganNeil McGuigan
5,52932344
5,52932344
add a comment |
add a comment |
5 Answers
5
active
oldest
votes
You can query the system catalog with a recursive query, in particular pg_auth_members:
WITH RECURSIVE cte AS (
SELECT oid FROM pg_roles WHERE rolname = 'maxwell'
UNION ALL
SELECT m.roleid
FROM cte
JOIN pg_auth_members m ON m.member = cte.oid
)
SELECT oid FROM cte;
BTW, INHERIT is the default behavior of CREATE ROLE and doesn't have to be spelled out.
BTW2: circular dependencies are not possible. Postgres disallows that. So we don't have to check for that.
answered Jan 3 '14 at 22:42
Erwin BrandstetterErwin Brandstetter
93.1k9178292
add a comment |
Short version:
SELECT a.oid
FROM pg_authid a
WHERE pg_has_role('maxwell', a.oid, 'member');
Here we use a version of pg_has_role that takes a role name as the subject and role oid to test for membership, passing member mode so we test for inherited memberships.
The advantage of using pg_has_role is that it uses PostgreSQL's internal caches of role information to satisfy membership queries quickly.
You might want to wrap this in a SECURITY DEFINER function, since pg_authid has restricted access. Something like:
CREATE OR REPLACE FUNCTION user_role_memberships(text)
RETURNS SETOF oid
LANGUAGE sql
SECURITY DEFINER
SET search_path = pg_catalog, pg_temp
AS $$
SELECT a.oid
FROM pg_authid a
WHERE pg_has_role($1, a.oid, 'member');
$$;
REVOKE EXECUTE ON FUNCTION user_role_memberships(text) FROM public;
GRANT EXECUTE ON FUNCTION user_role_memberships(text) TO ...whoever...;
You can use pg_get_userbyid(oid) to get the role name from the oid without the need to query pg_authid:
SELECT a.oid AS member_oid, pg_get_userbyid(oid) AS member_name
FROM pg_authid a
WHERE pg_has_role('maxwell', a.oid, 'member');
answered Jan 4 '14 at 0:11
Craig RingerCraig Ringer
40k191133
1
+1 anyway, sincepg_has_role()is probably a bit faster than my recursive query, even if that hardly matters. One last thing though: it returns all roles for supersusers, which may or may not be a welcome side effect. That's where the result differs from my query.
– Erwin Brandstetter
Jan 4 '14 at 1:31
add a comment |
This is a simplified version of Craig Ringer's answer that a non superuser can use directly:
SELECT oid, rolname FROM pg_roles WHERE
pg_has_role( 'maxwell', oid, 'member');
pg_roles is essentially a view on pg_authid accessible to public, as it doesn't reveal passwords, contrary to pg_authid. The base oid is even exported into the view. When not needing passwords, there's no point in creating the dedicated superuser-owned function.
edited Apr 13 '17 at 12:42
Community♦
1
answered Jul 23 '15 at 0:59
Daniel VéritéDaniel Vérité
17.3k33551
add a comment |
I believe this will do it
SELECT
oid
FROM
pg_roles
WHERE
oid IN (SELECT
roleid
FROM
pg_auth_members
WHERE
member=(SELECT oid FROM pg_roles WHERE rolname='maxwell'));
If you prefer to get the role names then replace the first oid with rolname.
edited Feb 5 at 16:38
McNets
15.9k42061
answered Feb 5 at 15:21
SureShotUKSureShotUK
1
add a comment |
Here is my take on it.
It works for one specific user or all users.
select a.oid as user_role_id
, a.rolname as user_role_name
, b.roleid as other_role_id
, c.rolname as other_role_name
from pg_roles a
inner join pg_auth_members b on a.oid=b.member
inner join pg_roles c on b.roleid=c.oid
where a.rolname = 'user_1'
answered 10 mins ago
Alexis.RollandAlexis.Rolland
1012
New contributor
Alexis.Rolland is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "182"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f56096%2fhow-to-get-all-roles-that-a-user-is-a-member-of-including-inherited-roles%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
5 Answers
5
active
oldest
votes
5 Answers
5
active
oldest
votes
active
oldest
votes
active
oldest
votes
You can query the system catalog with a recursive query, in particular pg_auth_members:
WITH RECURSIVE cte AS (
SELECT oid FROM pg_roles WHERE rolname = 'maxwell'
UNION ALL
SELECT m.roleid
FROM cte
JOIN pg_auth_members m ON m.member = cte.oid
)
SELECT oid FROM cte;
BTW, INHERIT is the default behavior of CREATE ROLE and doesn't have to be spelled out.
BTW2: circular dependencies are not possible. Postgres disallows that. So we don't have to check for that.
answered Jan 3 '14 at 22:42
Erwin BrandstetterErwin Brandstetter
93.1k9178292
add a comment |
You can query the system catalog with a recursive query, in particular pg_auth_members:
WITH RECURSIVE cte AS (
SELECT oid FROM pg_roles WHERE rolname = 'maxwell'
UNION ALL
SELECT m.roleid
FROM cte
JOIN pg_auth_members m ON m.member = cte.oid
)
SELECT oid FROM cte;
BTW, INHERIT is the default behavior of CREATE ROLE and doesn't have to be spelled out.
BTW2: circular dependencies are not possible. Postgres disallows that. So we don't have to check for that.
answered Jan 3 '14 at 22:42
Erwin BrandstetterErwin Brandstetter
93.1k9178292
add a comment |
You can query the system catalog with a recursive query, in particular pg_auth_members:
WITH RECURSIVE cte AS (
SELECT oid FROM pg_roles WHERE rolname = 'maxwell'
UNION ALL
SELECT m.roleid
FROM cte
JOIN pg_auth_members m ON m.member = cte.oid
)
SELECT oid FROM cte;
BTW, INHERIT is the default behavior of CREATE ROLE and doesn't have to be spelled out.
BTW2: circular dependencies are not possible. Postgres disallows that. So we don't have to check for that.
answered Jan 3 '14 at 22:42
Erwin BrandstetterErwin Brandstetter
93.1k9178292
You can query the system catalog with a recursive query, in particular pg_auth_members:
WITH RECURSIVE cte AS (
SELECT oid FROM pg_roles WHERE rolname = 'maxwell'
UNION ALL
SELECT m.roleid
FROM cte
JOIN pg_auth_members m ON m.member = cte.oid
)
SELECT oid FROM cte;
BTW, INHERIT is the default behavior of CREATE ROLE and doesn't have to be spelled out.
BTW2: circular dependencies are not possible. Postgres disallows that. So we don't have to check for that.
answered Jan 3 '14 at 22:42
Erwin BrandstetterErwin Brandstetter
93.1k9178292
edited Jan 5 '14 at 1:38
answered Jan 3 '14 at 22:42
Erwin BrandstetterErwin Brandstetter
93.1k9178292
answered Jan 3 '14 at 22:42
Erwin BrandstetterErwin Brandstetter
93.1k9178292
answered Jan 3 '14 at 22:42
Erwin BrandstetterErwin Brandstetter
93.1k9178292
93.1k9178292
add a comment |
add a comment |
Short version:
SELECT a.oid
FROM pg_authid a
WHERE pg_has_role('maxwell', a.oid, 'member');
Here we use a version of pg_has_role that takes a role name as the subject and role oid to test for membership, passing member mode so we test for inherited memberships.
The advantage of using pg_has_role is that it uses PostgreSQL's internal caches of role information to satisfy membership queries quickly.
You might want to wrap this in a SECURITY DEFINER function, since pg_authid has restricted access. Something like:
CREATE OR REPLACE FUNCTION user_role_memberships(text)
RETURNS SETOF oid
LANGUAGE sql
SECURITY DEFINER
SET search_path = pg_catalog, pg_temp
AS $$
SELECT a.oid
FROM pg_authid a
WHERE pg_has_role($1, a.oid, 'member');
$$;
REVOKE EXECUTE ON FUNCTION user_role_memberships(text) FROM public;
GRANT EXECUTE ON FUNCTION user_role_memberships(text) TO ...whoever...;
You can use pg_get_userbyid(oid) to get the role name from the oid without the need to query pg_authid:
SELECT a.oid AS member_oid, pg_get_userbyid(oid) AS member_name
FROM pg_authid a
WHERE pg_has_role('maxwell', a.oid, 'member');
answered Jan 4 '14 at 0:11
Craig RingerCraig Ringer
40k191133
1
+1 anyway, sincepg_has_role()is probably a bit faster than my recursive query, even if that hardly matters. One last thing though: it returns all roles for supersusers, which may or may not be a welcome side effect. That's where the result differs from my query.
– Erwin Brandstetter
Jan 4 '14 at 1:31
add a comment |
Short version:
SELECT a.oid
FROM pg_authid a
WHERE pg_has_role('maxwell', a.oid, 'member');
Here we use a version of pg_has_role that takes a role name as the subject and role oid to test for membership, passing member mode so we test for inherited memberships.
The advantage of using pg_has_role is that it uses PostgreSQL's internal caches of role information to satisfy membership queries quickly.
You might want to wrap this in a SECURITY DEFINER function, since pg_authid has restricted access. Something like:
CREATE OR REPLACE FUNCTION user_role_memberships(text)
RETURNS SETOF oid
LANGUAGE sql
SECURITY DEFINER
SET search_path = pg_catalog, pg_temp
AS $$
SELECT a.oid
FROM pg_authid a
WHERE pg_has_role($1, a.oid, 'member');
$$;
REVOKE EXECUTE ON FUNCTION user_role_memberships(text) FROM public;
GRANT EXECUTE ON FUNCTION user_role_memberships(text) TO ...whoever...;
You can use pg_get_userbyid(oid) to get the role name from the oid without the need to query pg_authid:
SELECT a.oid AS member_oid, pg_get_userbyid(oid) AS member_name
FROM pg_authid a
WHERE pg_has_role('maxwell', a.oid, 'member');
answered Jan 4 '14 at 0:11
Craig RingerCraig Ringer
40k191133
1
+1 anyway, sincepg_has_role()is probably a bit faster than my recursive query, even if that hardly matters. One last thing though: it returns all roles for supersusers, which may or may not be a welcome side effect. That's where the result differs from my query.
– Erwin Brandstetter
Jan 4 '14 at 1:31
add a comment |
Short version:
SELECT a.oid
FROM pg_authid a
WHERE pg_has_role('maxwell', a.oid, 'member');
Here we use a version of pg_has_role that takes a role name as the subject and role oid to test for membership, passing member mode so we test for inherited memberships.
The advantage of using pg_has_role is that it uses PostgreSQL's internal caches of role information to satisfy membership queries quickly.
You might want to wrap this in a SECURITY DEFINER function, since pg_authid has restricted access. Something like:
CREATE OR REPLACE FUNCTION user_role_memberships(text)
RETURNS SETOF oid
LANGUAGE sql
SECURITY DEFINER
SET search_path = pg_catalog, pg_temp
AS $$
SELECT a.oid
FROM pg_authid a
WHERE pg_has_role($1, a.oid, 'member');
$$;
REVOKE EXECUTE ON FUNCTION user_role_memberships(text) FROM public;
GRANT EXECUTE ON FUNCTION user_role_memberships(text) TO ...whoever...;
You can use pg_get_userbyid(oid) to get the role name from the oid without the need to query pg_authid:
SELECT a.oid AS member_oid, pg_get_userbyid(oid) AS member_name
FROM pg_authid a
WHERE pg_has_role('maxwell', a.oid, 'member');
answered Jan 4 '14 at 0:11
Craig RingerCraig Ringer
40k191133
Short version:
SELECT a.oid
FROM pg_authid a
WHERE pg_has_role('maxwell', a.oid, 'member');
Here we use a version of pg_has_role that takes a role name as the subject and role oid to test for membership, passing member mode so we test for inherited memberships.
The advantage of using pg_has_role is that it uses PostgreSQL's internal caches of role information to satisfy membership queries quickly.
You might want to wrap this in a SECURITY DEFINER function, since pg_authid has restricted access. Something like:
CREATE OR REPLACE FUNCTION user_role_memberships(text)
RETURNS SETOF oid
LANGUAGE sql
SECURITY DEFINER
SET search_path = pg_catalog, pg_temp
AS $$
SELECT a.oid
FROM pg_authid a
WHERE pg_has_role($1, a.oid, 'member');
$$;
REVOKE EXECUTE ON FUNCTION user_role_memberships(text) FROM public;
GRANT EXECUTE ON FUNCTION user_role_memberships(text) TO ...whoever...;
You can use pg_get_userbyid(oid) to get the role name from the oid without the need to query pg_authid:
SELECT a.oid AS member_oid, pg_get_userbyid(oid) AS member_name
FROM pg_authid a
WHERE pg_has_role('maxwell', a.oid, 'member');
answered Jan 4 '14 at 0:11
Craig RingerCraig Ringer
40k191133
edited Jan 4 '14 at 1:26
answered Jan 4 '14 at 0:11
Craig RingerCraig Ringer
40k191133
answered Jan 4 '14 at 0:11
Craig RingerCraig Ringer
40k191133
answered Jan 4 '14 at 0:11
Craig RingerCraig Ringer
40k191133
40k191133
1
+1 anyway, sincepg_has_role()is probably a bit faster than my recursive query, even if that hardly matters. One last thing though: it returns all roles for supersusers, which may or may not be a welcome side effect. That's where the result differs from my query.
– Erwin Brandstetter
Jan 4 '14 at 1:31
add a comment |
1
+1 anyway, sincepg_has_role()is probably a bit faster than my recursive query, even if that hardly matters. One last thing though: it returns all roles for supersusers, which may or may not be a welcome side effect. That's where the result differs from my query.
– Erwin Brandstetter
Jan 4 '14 at 1:31
1
1
+1 anyway, since
pg_has_role() is probably a bit faster than my recursive query, even if that hardly matters. One last thing though: it returns all roles for supersusers, which may or may not be a welcome side effect. That's where the result differs from my query.– Erwin Brandstetter
Jan 4 '14 at 1:31
+1 anyway, since
pg_has_role() is probably a bit faster than my recursive query, even if that hardly matters. One last thing though: it returns all roles for supersusers, which may or may not be a welcome side effect. That's where the result differs from my query.– Erwin Brandstetter
Jan 4 '14 at 1:31
add a comment |
This is a simplified version of Craig Ringer's answer that a non superuser can use directly:
SELECT oid, rolname FROM pg_roles WHERE
pg_has_role( 'maxwell', oid, 'member');
pg_roles is essentially a view on pg_authid accessible to public, as it doesn't reveal passwords, contrary to pg_authid. The base oid is even exported into the view. When not needing passwords, there's no point in creating the dedicated superuser-owned function.
edited Apr 13 '17 at 12:42
Community♦
1
answered Jul 23 '15 at 0:59
Daniel VéritéDaniel Vérité
17.3k33551
add a comment |
This is a simplified version of Craig Ringer's answer that a non superuser can use directly:
SELECT oid, rolname FROM pg_roles WHERE
pg_has_role( 'maxwell', oid, 'member');
pg_roles is essentially a view on pg_authid accessible to public, as it doesn't reveal passwords, contrary to pg_authid. The base oid is even exported into the view. When not needing passwords, there's no point in creating the dedicated superuser-owned function.
edited Apr 13 '17 at 12:42
Community♦
1
answered Jul 23 '15 at 0:59
Daniel VéritéDaniel Vérité
17.3k33551
add a comment |
This is a simplified version of Craig Ringer's answer that a non superuser can use directly:
SELECT oid, rolname FROM pg_roles WHERE
pg_has_role( 'maxwell', oid, 'member');
pg_roles is essentially a view on pg_authid accessible to public, as it doesn't reveal passwords, contrary to pg_authid. The base oid is even exported into the view. When not needing passwords, there's no point in creating the dedicated superuser-owned function.
edited Apr 13 '17 at 12:42
Community♦
1
answered Jul 23 '15 at 0:59
Daniel VéritéDaniel Vérité
17.3k33551
This is a simplified version of Craig Ringer's answer that a non superuser can use directly:
SELECT oid, rolname FROM pg_roles WHERE
pg_has_role( 'maxwell', oid, 'member');
pg_roles is essentially a view on pg_authid accessible to public, as it doesn't reveal passwords, contrary to pg_authid. The base oid is even exported into the view. When not needing passwords, there's no point in creating the dedicated superuser-owned function.
edited Apr 13 '17 at 12:42
Community♦
1
answered Jul 23 '15 at 0:59
Daniel VéritéDaniel Vérité
17.3k33551
edited Apr 13 '17 at 12:42
Community♦
1
edited Apr 13 '17 at 12:42
Community♦
1
edited Apr 13 '17 at 12:42
Community♦
1
1
answered Jul 23 '15 at 0:59
Daniel VéritéDaniel Vérité
17.3k33551
answered Jul 23 '15 at 0:59
Daniel VéritéDaniel Vérité
17.3k33551
answered Jul 23 '15 at 0:59
Daniel VéritéDaniel Vérité
17.3k33551
17.3k33551
add a comment |
add a comment |
I believe this will do it
SELECT
oid
FROM
pg_roles
WHERE
oid IN (SELECT
roleid
FROM
pg_auth_members
WHERE
member=(SELECT oid FROM pg_roles WHERE rolname='maxwell'));
If you prefer to get the role names then replace the first oid with rolname.
edited Feb 5 at 16:38
McNets
15.9k42061
answered Feb 5 at 15:21
SureShotUKSureShotUK
1
add a comment |
I believe this will do it
SELECT
oid
FROM
pg_roles
WHERE
oid IN (SELECT
roleid
FROM
pg_auth_members
WHERE
member=(SELECT oid FROM pg_roles WHERE rolname='maxwell'));
If you prefer to get the role names then replace the first oid with rolname.
edited Feb 5 at 16:38
McNets
15.9k42061
answered Feb 5 at 15:21
SureShotUKSureShotUK
1
add a comment |
I believe this will do it
SELECT
oid
FROM
pg_roles
WHERE
oid IN (SELECT
roleid
FROM
pg_auth_members
WHERE
member=(SELECT oid FROM pg_roles WHERE rolname='maxwell'));
If you prefer to get the role names then replace the first oid with rolname.
edited Feb 5 at 16:38
McNets
15.9k42061
answered Feb 5 at 15:21
SureShotUKSureShotUK
1
I believe this will do it
SELECT
oid
FROM
pg_roles
WHERE
oid IN (SELECT
roleid
FROM
pg_auth_members
WHERE
member=(SELECT oid FROM pg_roles WHERE rolname='maxwell'));
If you prefer to get the role names then replace the first oid with rolname.
edited Feb 5 at 16:38
McNets
15.9k42061
answered Feb 5 at 15:21
SureShotUKSureShotUK
1
edited Feb 5 at 16:38
McNets
15.9k42061
edited Feb 5 at 16:38
McNets
15.9k42061
edited Feb 5 at 16:38
McNets
15.9k42061
15.9k42061
answered Feb 5 at 15:21
SureShotUKSureShotUK
1
answered Feb 5 at 15:21
SureShotUKSureShotUK
1
answered Feb 5 at 15:21
SureShotUKSureShotUK
1
1
add a comment |
add a comment |
Here is my take on it.
It works for one specific user or all users.
select a.oid as user_role_id
, a.rolname as user_role_name
, b.roleid as other_role_id
, c.rolname as other_role_name
from pg_roles a
inner join pg_auth_members b on a.oid=b.member
inner join pg_roles c on b.roleid=c.oid
where a.rolname = 'user_1'
answered 10 mins ago
Alexis.RollandAlexis.Rolland
1012
New contributor
Alexis.Rolland is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
Here is my take on it.
It works for one specific user or all users.
select a.oid as user_role_id
, a.rolname as user_role_name
, b.roleid as other_role_id
, c.rolname as other_role_name
from pg_roles a
inner join pg_auth_members b on a.oid=b.member
inner join pg_roles c on b.roleid=c.oid
where a.rolname = 'user_1'
answered 10 mins ago
Alexis.RollandAlexis.Rolland
1012
New contributor
Alexis.Rolland is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
Here is my take on it.
It works for one specific user or all users.
select a.oid as user_role_id
, a.rolname as user_role_name
, b.roleid as other_role_id
, c.rolname as other_role_name
from pg_roles a
inner join pg_auth_members b on a.oid=b.member
inner join pg_roles c on b.roleid=c.oid
where a.rolname = 'user_1'
answered 10 mins ago
Alexis.RollandAlexis.Rolland
1012
New contributor
Alexis.Rolland is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Here is my take on it.
It works for one specific user or all users.
select a.oid as user_role_id
, a.rolname as user_role_name
, b.roleid as other_role_id
, c.rolname as other_role_name
from pg_roles a
inner join pg_auth_members b on a.oid=b.member
inner join pg_roles c on b.roleid=c.oid
where a.rolname = 'user_1'
answered 10 mins ago
Alexis.RollandAlexis.Rolland
1012
New contributor
Alexis.Rolland is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 10 mins ago
Alexis.RollandAlexis.Rolland
1012
New contributor
Alexis.Rolland is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 10 mins ago
Alexis.RollandAlexis.Rolland
1012
answered 10 mins ago
Alexis.RollandAlexis.Rolland
1012
1012
New contributor
Alexis.Rolland is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Alexis.Rolland is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Alexis.Rolland is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
Thanks for contributing an answer to Database Administrators Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f56096%2fhow-to-get-all-roles-that-a-user-is-a-member-of-including-inherited-roles%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
