Add pg_has_role() family of privilege inquiry functions modeled after the

existing ones for object privileges. Update the information_schema for roles --- pg_has_role() makes this a whole lot easier, removing the need for most of the explicit joins with pg_user. The views should be a tad faster now, too. Stephen Frost and Tom Lane.
2025-07-27 12:41:57 +03:00 · 2005-07-26 00:04:19 +00:00
parent e5d6b91220
commit f9fd176461
6 changed files with 383 additions and 132 deletions
--- a/doc/src/sgml/func.sgml
+++ b/doc/src/sgml/func.sgml
@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/func.sgml,v 1.270 2005/07/25 22:12:30 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/func.sgml,v 1.271 2005/07/26 00:04:17 tgl Exp $
 PostgreSQL documentation
 -->

@ -8427,6 +8427,21 @@ SET search_path TO <replaceable>schema</> <optional>, <replaceable>schema</>, ..
       <entry><type>boolean</type></entry>
       <entry>does current user have privilege for language</entry>
      </row>
+      <row>
+       <entry><literal><function>pg_has_role</function>(<parameter>user</parameter>,
+                                  <parameter>role</parameter>,
+                                  <parameter>privilege</parameter>)</literal>
+       </entry>
+       <entry><type>boolean</type></entry>
+       <entry>does user have privilege for role</entry>
+      </row>
+      <row>
+       <entry><literal><function>pg_has_role</function>(<parameter>role</parameter>,
+                                  <parameter>privilege</parameter>)</literal>
+       </entry>
+       <entry><type>boolean</type></entry>
+       <entry>does current user have privilege for role</entry>
+      </row>
      <row>
       <entry><literal><function>has_schema_privilege</function>(<parameter>user</parameter>,
                                  <parameter>schema</parameter>,
@ -8473,6 +8488,9 @@ SET search_path TO <replaceable>schema</> <optional>, <replaceable>schema</>, ..
   <indexterm zone="functions-info">
    <primary>has_language_privilege</primary>
   </indexterm>
+   <indexterm zone="functions-info">
+    <primary>pg_has_role</primary>
+   </indexterm>
   <indexterm zone="functions-info">
    <primary>has_schema_privilege</primary>
   </indexterm>
@ -8536,6 +8554,14 @@ SELECT has_function_privilege('joeuser', 'myfunc(int, text)', 'execute');
    <literal>USAGE</literal>.
   </para>

+   <para>
+    <function>pg_has_role</function> checks whether a user
+    can access a role in a particular way.  The possibilities for its
+    arguments are analogous to <function>has_table_privilege</function>.
+    The desired access privilege type must evaluate to
+    <literal>MEMBER</literal>.
+   </para>
+
   <para>
    <function>has_schema_privilege</function> checks whether a user
    can access a schema in a particular way.  The possibilities for its