select nspname as schemaname , array_to_string(nspacl

1. select
2. nspname as schemaname
3. , array_to_string(nspacl, ',') as acls
4. from
5. pg_namespace
6. where
7. nspacl is not null
8. and nspowner != 1
9. and array_to_string(nspacl, ',') like '%u_A=%' -- REPLACE USERNAME
10. ;
11.  
12. select
13. pg_namespace.nspname as schemaname
14. , pg_class.relname as tablename
15. , array_to_string(pg_class.relacl, ',') as acls
16. from pg_class
17. left join pg_namespace on pg_class.relnamespace = pg_namespace.oid
18. where
19. pg_class.relacl is not null
20. and pg_namespace.nspname not in (
21. 'pg_catalog'
22. , 'pg_toast'
23. , 'information_schema'
24. )
25. and array_to_string(pg_class.relacl, ',') like '%u_A=%' -- REPLACE USERNAME
26. order by
27. pg_namespace.nspname
28. , pg_class.relname
29. ;
30.  
31. r -- SELECT ("read")
32. w -- UPDATE ("write")
33. a -- INSERT ("append")
34. d -- DELETE
35. D -- TRUNCATE
36. x -- REFERENCES
37. t -- TRIGGER
38. X -- EXECUTE
39. U -- USAGE
40. C -- CREATE
41. c -- CONNECT
42. T -- TEMPORARY
43. arwdDxt -- ALL PRIVILEGES (for tables, varies for other objects)
44. * -- grant option for preceding privilege
45.  
46. /yyyy -- role that granted this privilege
47.  
48. import psycopg2
49.  
50. # Connect to Redshift
51. conn = psycopg2.connect(host="", dbname="", user="", password="", port="5439")
52. conn.autocommit = True
53. cursor = conn.cursor()
54.  
55. # List of users to drop
56. users = ['user_to_drop_1', 'user_to_drop_2']
57.  
58. # New owner, used when changing ownership
59. new_owner = 'new_user'
60.  
61. # Templates to change ownership, revoke permissions, and drop users
62. change_ownership = "select 'alter table '+schemaname+'.'+tablename+' owner to %s;' from pg_tables where tableowner like '%s'"
63. revoke_schema_permissions = "select distinct 'revoke all on schema '+schemaname+' from %s;' from admin.v_get_obj_priv_by_user where usename like '%s'"
64. revoke_table_permissions = "select distinct 'revoke all on all tables in schema '+schemaname+' from %s;' from admin.v_get_obj_priv_by_user where usename like '%s'"
65. drop_user = "drop user %s;"
66.  
67. for user in users:
68. # Change ownership
69. cursor.execute(change_ownership % (new_owner, user))
70. for r in cursor.fetchall():
71. print("Executing: %s" % r[0])
72. cursor.execute(r[0])
73. # Revoke schema permissions
74. cursor.execute(revoke_schema_permissions % (user, user))
75. for r in cursor.fetchall():
76. print("Executing: %s" % r[0])
77. cursor.execute(r[0])
78. # Revoke table permissions
79. cursor.execute(revoke_table_permissions % (user, user))
80. for r in cursor.fetchall():
81. print("Executing: %s" % r[0])
82. cursor.execute(r[0])
83. # Drop user
84. cursor.execute(drop_user % (user))