{"id":19236856,"url":"https://github.com/crunchydata/crunchy_check_access","last_synced_at":"2025-02-23T13:49:37.794Z","repository":{"id":89933690,"uuid":"167225888","full_name":"CrunchyData/crunchy_check_access","owner":"CrunchyData","description":"Functions and views to facilitate PostgreSQL object access inspection","archived":false,"fork":false,"pushed_at":"2024-05-16T19:56:13.000Z","size":25,"stargazers_count":28,"open_issues_count":1,"forks_count":9,"subscribers_count":13,"default_branch":"master","last_synced_at":"2025-01-05T01:40:57.612Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PLpgSQL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CrunchyData.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-01-23T17:38:50.000Z","updated_at":"2024-10-09T06:47:34.000Z","dependencies_parsed_at":"2024-11-09T16:37:06.247Z","dependency_job_id":null,"html_url":"https://github.com/CrunchyData/crunchy_check_access","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CrunchyData%2Fcrunchy_check_access","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CrunchyData%2Fcrunchy_check_access/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CrunchyData%2Fcrunchy_check_access/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CrunchyData%2Fcrunchy_check_access/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CrunchyData","download_url":"https://codeload.github.com/CrunchyData/crunchy_check_access/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240324060,"owners_count":19783453,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-09T16:23:43.366Z","updated_at":"2025-02-23T13:49:37.772Z","avatar_url":"https://github.com/CrunchyData.png","language":"PLpgSQL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# crunchy_check_access\nFunctions and views to facilitate PostgreSQL object access inspection\n\n## Overview\nTypically install this script as the database superuser.\n\nOnce installed, to find all user privileges in the database while ignoring the system catalog and information schema, do:\n```\nSELECT * FROM all_access() WHERE base_role != CURRENT_USER;\n```\n\nTo find all user privileges in the database including the system catalog and information schema, do:\n```\nSELECT * FROM all_access(true) WHERE base_role != CURRENT_USER;\n```\n\nBy default, execute has been revoked from PUBLIC on the installed functions except ```my_privs()``` and ```my_privs_sys()``` and their corresponding convenience views ```my_privs``` and ```my_privs_sys```. These functions/views allow users to discover their own privileges.\n\nNote that the privileges are discovered by recursing through all roles accessable via a ```GRANT```, including non-inherited ones (need to specifically use ```SET ROLE``` to escalate and gain said privilege). The source path to a given privilege shown in the output is available in the ```role_path``` column. Each ancestor in the ```role_path``` is tagged with either ```(true)``` or ```(false)``` to indicate if privileges are inherited by that role.\n\n```base_role``` was the entry point (initially logged in user), while ```as_role``` shows the role with the actual privilege.\n\nThe ```all_access``` and ```check_access``` report grants that actually authorize actions against the referenced object.  For example, a role may be granted SELECT privileges but will not be reported by the access functions unless it also has usage privilege on the schema.  To allow for reporting of all grants the ```all_grants``` and ```check_grants``` function was added.  These functions will report all grants and are useful for entitlement and audit reporting.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrunchydata%2Fcrunchy_check_access","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcrunchydata%2Fcrunchy_check_access","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcrunchydata%2Fcrunchy_check_access/lists"}