"grant ALL on table.." grants more permissions than available in redshift_grant

Question

"grant ALL on table.." grants more permissions than available in redshift_grant

mtesch-um opened this issue 3 years ago · 2 comments

GRANT ALL ON TABLE xyz leaves the table with a permission string of =arwdRxtD/ whereas the currently allowed set of GRANT permissions ("SELECT", "UPDATE", "INSERT", "DELETE", "DROP", "REFERENCES") can only set the table permission string to =arwdxD/.

Maybe possible solutions are to add an ALL possibility, or to add the R and t permissions?

The RULE and TRIGGER permissions are undocumented, but they are needed for redshift's materialized views implementation. A user who does not have those permissions to a materialized view can not refresh the view. https://docs.aws.amazon.com/redshift/latest/dg/materialized-view-refresh-sql-command.html

Answer 1 · 2022-03-18T15:39:46.000Z

Reference: https://github.com/awslabs/amazon-redshift-utils/blob/master/src/AdminViews/v_generate_user_grant_revoke_ddl.sql explicitly associates ALL with arwdRxtD, and 'R' with 'RULE' and 't' with 'TRIGGER'

Answer 2 · 2022-04-20T10:10:57.000Z

The issue has been resolved in #63.