从补丁 198 开始,Amazon Redshift 将不再支持创建新的 Python UDF。现有的 Python UDF 将继续正常运行至 2026 年 6 月 30 日。有关更多信息,请参阅[博客文章](https://www.amazonaws.cn/blogs/big-data/amazon-redshift-python-user-defined-functions-will-reach-end-of-support-after-june-30-2026/)。
# SHOW GRANTS
显示用户、角色或对象的授权。对象可以是数据库、架构、表、函数或模板。指定对象(例如表或函数)时,您需要用两部分或三部分表示法对其进行限定。例如,`schema_name.table_name` 或 `database_name.schema_name.table_name`。
如果 SHOW GRANTS 命令返回的行数超过 10000,则该命令会引发错误。
## 所需的权限
要为目标用户或角色运行 SHOW GRANTS,当前用户必须满足下列条件之一:
+ 是超级用户
+ 是目标用户
+ 是目标角色的所有者
+ 已被授予角色
目标对象的 SHOW GRANTS 将仅显示对当前用户可见的授权。如果当前用户满足下列条件之一,则能查看授权:
+ 是超级用户
+ 是目标用户
+ 是被授予角色的授权所有者
+ 被授予对象授权所针对的角色
## 语法
以下是显示对象授权的语法。请注意,第二种指定函数的方法仅对从数据共享创建的外部架构和数据库有效。
```
SHOW GRANTS ON
{
DATABASE database_name |
FUNCTION {database_name.schema_name.function_name | schema_name.function_name } ( [ [ argname ] argtype [, ...] ] ) |
FUNCTION {database_name.schema_name.function_name | schema_name.function_name } |
SCHEMA {database_name.schema_name | schema_name} |
{ TABLE {database_name.schema_name.table_name | schema_name.table_name} | table_name }
TEMPLATE {database_name.schema_name.template_name | template_name}
}
[FOR {username | ROLE role_name | PUBLIC}]
[LIMIT row_limit]
```
以下是显示对于用户或角色的授权的语法。
```
SHOW GRANTS FOR
{username | ROLE role_name}
[FROM DATABASE database_name]
[LIMIT row_limit]
```
## 参数
*database\$1name*
要显示其授权的数据库的名称。
*function\$1name*
要显示其授权的函数的名称。
template\$1name
要显示其授权的模板的名称。
*schema\$1name*
要显示其授权的架构的名称。
*table\$1name*
要显示其授权的表的名称。
FOR *username*
指示显示用户的授权。
FOR ROLE *role\$1name*
指示显示角色的授权。
FOR PUBLIC
指示显示 PUBLIC 的授权。
*row\$1limit*
要返回的最大行数。*row\$1limit* 可以是 0–10000。
## 示例
以下示例显示对名为 `dev` 的数据库的所有授权。
```
SHOW GRANTS on database demo_db;
database_name | privilege_type | identity_id | identity_name | identity_type | admin_option | privilege_scope | grantor_name
---------------+----------------+-------------+---------------+---------------+--------------+-----------------+--------------
demo_db | ALTER | 112 | alice | user | f | TABLES | dbadmin
demo_db | TRUNCATE | 112 | alice | user | f | TABLES | dbadmin
demo_db | DROP | 112 | alice | user | f | TABLES | dbadmin
demo_db | INSERT | 112 | alice | user | f | TABLES | dbadmin
demo_db | TEMP | 0 | public | public | f | DATABASE | dbadmin
demo_db | SELECT | 112 | alice | user | f | TABLES | dbadmin
demo_db | UPDATE | 112 | alice | user | f | TABLES | dbadmin
demo_db | DELETE | 112 | alice | user | f | TABLES | dbadmin
demo_db | REFERENCES | 112 | alice | user | f | TABLES | dbadmin
```
以下命令显示对名为 `demo` 的架构的所有授权。
```
SHOW GRANTS ON SCHEMA demo_schema;
schema_name | object_name | object_type | privilege_type | identity_id | identity_name | identity_type | admin_option | privilege_scope | database_name | grantor_name
-------------+-------------+-------------+----------------+-------------+---------------+---------------+--------------+-----------------+---------------+--------------
demo_schema | demo_schema | SCHEMA | ALTER | 112 | alice | user | f | SCHEMA | db1 | dbadmin
demo_schema | demo_schema | SCHEMA | DROP | 112 | alice | user | f | SCHEMA | db1 | dbadmin
demo_schema | demo_schema | SCHEMA | USAGE | 112 | alice | user | f | SCHEMA | db1 | dbadmin
demo_schema | demo_schema | SCHEMA | CREATE | 112 | alice | user | f | SCHEMA | db1 | dbadmin
```
以下命令显示名为 `alice` 的用户的所有授权。
```
SHOW GRANTS FOR alice;
database_name | schema_name | object_name | object_type | privilege_type | identity_id | identity_name | identity_type | privilege_scope | grantor_name
---------------+-------------+-------------+-------------+----------------+-------------+---------------+---------------+-----------------+--------------
demo_db | | | DATABASE | INSERT | 124 | alice | user | TABLES | dbadmin
demo_db | | | DATABASE | SELECT | 124 | alice | user | TABLES | dbadmin
demo_db | | | DATABASE | UPDATE | 124 | alice | user | TABLES | dbadmin
demo_db | | | DATABASE | DELETE | 124 | alice | user | TABLES | dbadmin
demo_db | | | DATABASE | REFERENCES | 124 | alice | user | TABLES | dbadmin
demo_db | | | DATABASE | DROP | 124 | alice | user | TABLES | dbadmin
demo_db | | | DATABASE | TRUNCATE | 124 | alice | user | TABLES | dbadmin
demo_db | | | DATABASE | ALTER | 124 | alice | user | TABLES | dbadmin
demo_db | demo_schema | | SCHEMA | USAGE | 124 | alice | user | SCHEMA | dbadmin
demo_db | demo_schema | | SCHEMA | CREATE | 124 | alice | user | SCHEMA | dbadmin
demo_db | demo_schema | | SCHEMA | DROP | 124 | alice | user | SCHEMA | dbadmin
demo_db | demo_schema | | SCHEMA | ALTER | 124 | alice | user | SCHEMA | dbadmin
demo_db | demo_schema | t1 | TABLE | INSERT | 124 | alice | user | TABLE | dbadmin
demo_db | demo_schema | t1 | TABLE | SELECT | 124 | alice | user | TABLE | dbadmin
demo_db | demo_schema | t1 | TABLE | UPDATE | 124 | alice | user | TABLE | dbadmin
demo_db | demo_schema | t1 | TABLE | DELETE | 124 | alice | user | TABLE | dbadmin
demo_db | demo_schema | t1 | TABLE | RULE | 124 | alice | user | TABLE | dbadmin
demo_db | demo_schema | t1 | TABLE | REFERENCES | 124 | alice | user | TABLE | dbadmin
demo_db | demo_schema | t1 | TABLE | TRIGGER | 124 | alice | user | TABLE | dbadmin
demo_db | demo_schema | t1 | TABLE | DROP | 124 | alice | user | TABLE | dbadmin
demo_db | demo_schema | t1 | TABLE | TRUNCATE | 124 | alice | user | TABLE | dbadmin
demo_db | demo_schema | t1 | TABLE | ALTER | 124 | alice | user | TABLE | dbadmin
```
```
SHOW GRANTS FOR alice FROM DATABASE second_db;
database_name | schema_name | object_name | object_type | privilege_type | identity_id | identity_name | identity_type | privilege_scope | grantor_name
---------------+-------------+-------------+-------------+----------------+-------------+---------------+---------------+-----------------+--------------
second_db | public | t22 | TABLE | SELECT | 101 | alice | user | TABLE | dbadmin
```
以下命令显示了名为 `alice` 的用户在名为 `t3` 的表上的所有授权。请注意,您可以使用两部分或三部分表示法来指定表名称。
```
SHOW GRANTS ON TABLE demo_db.demo_schema.t3 FOR ALICE;
schema_name | object_name | object_type | privilege_type | identity_id | identity_name | identity_type | admin_option | privilege_scope | database_name | grantor_name
-------------+-------------+-------------+----------------+-------------+---------------+---------------+--------------+-----------------+---------------+--------------
demo_schema | t3 | TABLE | ALTER | 130 | alice | user | f | TABLE | demo_db | dbadmin
demo_schema | t3 | TABLE | TRUNCATE | 130 | alice | user | f | TABLE | demo_db | dbadmin
demo_schema | t3 | TABLE | DROP | 130 | alice | user | f | TABLE | demo_db | dbadmin
demo_schema | t3 | TABLE | TRIGGER | 130 | alice | user | f | TABLE | demo_db | dbadmin
demo_schema | t3 | TABLE | SELECT | 130 | alice | user | f | TABLE | demo_db | dbadmin
demo_schema | t3 | TABLE | INSERT | 130 | alice | user | f | TABLE | demo_db | dbadmin
demo_schema | t3 | TABLE | UPDATE | 130 | alice | user | f | TABLE | demo_db | dbadmin
demo_schema | t3 | TABLE | DELETE | 130 | alice | user | f | TABLE | demo_db | dbadmin
demo_schema | t3 | TABLE | RULE | 130 | alice | user | f | TABLE | demo_db | dbadmin
demo_schema | t3 | TABLE | REFERENCES | 130 | alice | user | f | TABLE | demo_db | dbadmin
SHOW GRANTS ON TABLE demo_schema.t3 FOR ALICE;
schema_name | object_name | object_type | privilege_type | identity_id | identity_name | identity_type | admin_option | privilege_scope | database_name | grantor_name
-------------+-------------+-------------+----------------+-------------+---------------+---------------+--------------+-----------------+---------------+--------------
demo_schema | t3 | TABLE | ALTER | 130 | alice | user | f | TABLE | demo_db | dbadmin
demo_schema | t3 | TABLE | TRUNCATE | 130 | alice | user | f | TABLE | demo_db | dbadmin
demo_schema | t3 | TABLE | DROP | 130 | alice | user | f | TABLE | demo_db | dbadmin
demo_schema | t3 | TABLE | TRIGGER | 130 | alice | user | f | TABLE | demo_db | dbadmin
demo_schema | t3 | TABLE | SELECT | 130 | alice | user | f | TABLE | demo_db | dbadmin
demo_schema | t3 | TABLE | INSERT | 130 | alice | user | f | TABLE | demo_db | dbadmin
demo_schema | t3 | TABLE | UPDATE | 130 | alice | user | f | TABLE | demo_db | dbadmin
demo_schema | t3 | TABLE | DELETE | 130 | alice | user | f | TABLE | demo_db | dbadmin
demo_schema | t3 | TABLE | RULE | 130 | alice | user | f | TABLE | demo_db | dbadmin
demo_schema | t3 | TABLE | REFERENCES | 130 | alice | user | f | TABLE | demo_db | dbadmin
```
以下示例显示对名为 `t4` 的表的所有授权。请注意指定表名称的不同方式。
```
SHOW GRANTS ON t4;
schema_name | object_name | object_type | privilege_type | identity_id | identity_name | identity_type | admin_option | privilege_scope | database_name | grantor_name
-------------+-------------+-------------+----------------+-------------+---------------+---------------+--------------+-----------------+---------------+--------------
public | t4 | TABLE | ALTER | 130 | alice | user | f | TABLE | demo_db | dbadmin
public | t4 | TABLE | TRUNCATE | 130 | alice | user | f | TABLE | demo_db | dbadmin
public | t4 | TABLE | DROP | 130 | alice | user | f | TABLE | demo_db | dbadmin
public | t4 | TABLE | TRIGGER | 130 | alice | user | f | TABLE | demo_db | dbadmin
public | t4 | TABLE | SELECT | 130 | alice | user | f | TABLE | demo_db | dbadmin
public | t4 | TABLE | INSERT | 130 | alice | user | f | TABLE | demo_db | dbadmin
public | t4 | TABLE | UPDATE | 130 | alice | user | f | TABLE | demo_db | dbadmin
public | t4 | TABLE | DELETE | 130 | alice | user | f | TABLE | demo_db | dbadmin
public | t4 | TABLE | RULE | 130 | alice | user | f | TABLE | demo_db | dbadmin
public | t4 | TABLE | REFERENCES | 130 | alice | user | f | TABLE | demo_db | dbadmin
SHOW GRANTS ON TABLE public.t4;
schema_name | object_name | object_type | privilege_type | identity_id | identity_name | identity_type | admin_option | privilege_scope | database_name | grantor_name
-------------+-------------+-------------+----------------+-------------+---------------+---------------+--------------+-----------------+---------------+--------------
public | t4 | TABLE | ALTER | 130 | alice | user | f | TABLE | demo_db | dbadmin
public | t4 | TABLE | TRUNCATE | 130 | alice | user | f | TABLE | demo_db | dbadmin
public | t4 | TABLE | DROP | 130 | alice | user | f | TABLE | demo_db | dbadmin
public | t4 | TABLE | TRIGGER | 130 | alice | user | f | TABLE | demo_db | dbadmin
public | t4 | TABLE | SELECT | 130 | alice | user | f | TABLE | demo_db | dbadmin
public | t4 | TABLE | INSERT | 130 | alice | user | f | TABLE | demo_db | dbadmin
public | t4 | TABLE | UPDATE | 130 | alice | user | f | TABLE | demo_db | dbadmin
public | t4 | TABLE | DELETE | 130 | alice | user | f | TABLE | demo_db | dbadmin
public | t4 | TABLE | RULE | 130 | alice | user | f | TABLE | demo_db | dbadmin
public | t4 | TABLE | REFERENCES | 130 | alice | user | f | TABLE | demo_db | dbadmin
```