HAS_ASSUMEROLE_PRIVILEGE
Returns Boolean true
(t
) if the specified user has the
specified IAM role with the privilege to run the specified command. The function
returns false
(f
) if the user doesn't have the specified IAM
role with the privilege to run the specified command. For more information about
privileges, see GRANT.
Syntax
has_assumerole_privilege( [ user, ] iam_role_arn, cmd_type)
Arguments
- user
-
The name of the user to check for IAM role privileges. The default is to check the current user. Superusers and users can use this function. However, users can only view their own privileges.
- iam_role_arn
-
The IAM role that has been granted the command privileges.
- cmd_type
-
The command for which access has been granted. Valid values are the following:
-
COPY
-
UNLOAD
-
EXTERNAL FUNCTION
-
CREATE MODEL
-
Return type
BOOLEAN
Example
The following query confirms that the user reg_user1
has the
privilege for the Redshift-S3-Read
role to run the COPY command.
select has_assumerole_privilege('reg_user1', 'arn:aws:iam::123456789012:role/Redshift-S3-Read', 'copy');
has_assumerole_privilege ------------------------ true (1 row)