Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- select
- nspname as schemaname
- , array_to_string(nspacl, ',') as acls
- from
- pg_namespace
- where
- nspacl is not null
- and nspowner != 1
- and array_to_string(nspacl, ',') like '%u_A=%' -- REPLACE USERNAME
- ;
- select
- pg_namespace.nspname as schemaname
- , pg_class.relname as tablename
- , array_to_string(pg_class.relacl, ',') as acls
- from pg_class
- left join pg_namespace on pg_class.relnamespace = pg_namespace.oid
- where
- pg_class.relacl is not null
- and pg_namespace.nspname not in (
- 'pg_catalog'
- , 'pg_toast'
- , 'information_schema'
- )
- and array_to_string(pg_class.relacl, ',') like '%u_A=%' -- REPLACE USERNAME
- order by
- pg_namespace.nspname
- , pg_class.relname
- ;
- r -- SELECT ("read")
- w -- UPDATE ("write")
- a -- INSERT ("append")
- d -- DELETE
- D -- TRUNCATE
- x -- REFERENCES
- t -- TRIGGER
- X -- EXECUTE
- U -- USAGE
- C -- CREATE
- c -- CONNECT
- T -- TEMPORARY
- arwdDxt -- ALL PRIVILEGES (for tables, varies for other objects)
- * -- grant option for preceding privilege
- /yyyy -- role that granted this privilege
- import psycopg2
- # Connect to Redshift
- conn = psycopg2.connect(host="", dbname="", user="", password="", port="5439")
- conn.autocommit = True
- cursor = conn.cursor()
- # List of users to drop
- users = ['user_to_drop_1', 'user_to_drop_2']
- # New owner, used when changing ownership
- new_owner = 'new_user'
- # Templates to change ownership, revoke permissions, and drop users
- change_ownership = "select 'alter table '+schemaname+'.'+tablename+' owner to %s;' from pg_tables where tableowner like '%s'"
- revoke_schema_permissions = "select distinct 'revoke all on schema '+schemaname+' from %s;' from admin.v_get_obj_priv_by_user where usename like '%s'"
- revoke_table_permissions = "select distinct 'revoke all on all tables in schema '+schemaname+' from %s;' from admin.v_get_obj_priv_by_user where usename like '%s'"
- drop_user = "drop user %s;"
- for user in users:
- # Change ownership
- cursor.execute(change_ownership % (new_owner, user))
- for r in cursor.fetchall():
- print("Executing: %s" % r[0])
- cursor.execute(r[0])
- # Revoke schema permissions
- cursor.execute(revoke_schema_permissions % (user, user))
- for r in cursor.fetchall():
- print("Executing: %s" % r[0])
- cursor.execute(r[0])
- # Revoke table permissions
- cursor.execute(revoke_table_permissions % (user, user))
- for r in cursor.fetchall():
- print("Executing: %s" % r[0])
- cursor.execute(r[0])
- # Drop user
- cursor.execute(drop_user % (user))
Add Comment
Please, Sign In to add comment