Re: [HACKERS] Role members

Hello! I have the following question.

For example I have a role ID1 with members ID2 and ID3.
Role ID2 has also members ID4 and ID5. It means that roles ID4 and ID5 are
members of ID1.
The question: Is there any function in PostgreSQL, that finds all the
members of role ID1 - even such members, as ID4 and ID5.

Thanks.

Akmal Akmalhojaev wrote:
> Hello! I have the following question.
>
> For example I have a role ID1 with members ID2 and ID3.
> Role ID2 has also members ID4 and ID5. It means that roles ID4 and ID5 are
> members of ID1.
> The question: Is there any function in PostgreSQL, that finds all the
> members of role ID1 - even such members, as ID4 and ID5.

Akmal, this isn't really a question for the hackers list. Please try on
"general" or "admin".

However, I know of no function that will recursively expand member
lists. You could easily write your own of course, but you'll want to
decide how to handle the "inherits" flag.

--
Richard Huxton
Archonet Ltd

Akmal Akmalhojaev wrote:
> It doesn't mean if there is "inherit" flag. I'm looking for a C function
> like SearchSysCache() or smth.

Ah - I think the file you neeed to look in is backend/utils/adt/acl.c -
I think it's looking at things the other way around. That is - is the
current role a member of role X rather than list all the roles that are
members of X.

--
Richard Huxton
Archonet Ltd

On Mon, May 21, 2007 at 02:21:52PM +0400, Akmal Akmalhojaev wrote:
> Hello! I have the following question.

Moving to -general.

> For example I have a role ID1 with members ID2 and ID3.
> Role ID2 has also members ID4 and ID5. It means that roles ID4 and ID5 are
> members of ID1.
> The question: Is there any function in PostgreSQL, that finds all the
> members of role ID1 - even such members, as ID4 and ID5.

Here's a function I've written in SQL:

CREATE OR REPLACE FUNCTION get_roles_under(OID)
RETURNS SETOF OID
LANGUAGE sql
AS $$
SELECT
$1
UNION
SELECT
member
FROM
pg_catalog.pg_auth_members
WHERE
roleid = $1
UNION
SELECT
get_roles_over(roleid) AS "roleid"
FROM
pg_catalog.pg_auth_members
WHERE
roleid IN (
SELECT
member
FROM
pg_catalog.pg_auth_members
WHERE
roleid = $1
)
$$;

Cheers,
D
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
phone: +1 415 235 3778 AIM: dfetter666
Skype: davidfetter

Remember to vote!
Consider donating to PostgreSQL: http://www.postgresql.org/about/donate

On May 21, 2007, at 8:25 AM, David Fetter wrote:
> On Mon, May 21, 2007 at 02:21:52PM +0400, Akmal Akmalhojaev wrote:
>> For example I have a role ID1 with members ID2 and ID3.
>> Role ID2 has also members ID4 and ID5. It means that roles ID4 and
>> ID5 are
>> members of ID1.
>> The question: Is there any function in PostgreSQL, that finds all the
>> members of role ID1 - even such members, as ID4 and ID5.
>
> Here's a function I've written in SQL:
>
> CREATE OR REPLACE FUNCTION get_roles_under(OID)
> RETURNS SETOF OID
> LANGUAGE sql
> AS $$
> SELECT
> $1
> UNION
> SELECT
> member
> FROM
> pg_catalog.pg_auth_members
> WHERE
> roleid = $1
> UNION
> SELECT
> get_roles_over(roleid) AS "roleid"
> FROM
> pg_catalog.pg_auth_members
> WHERE
> roleid IN (
> SELECT
> member
> FROM
> pg_catalog.pg_auth_members
> WHERE
> roleid = $1
> )
> $$;

Should that call to get_roles_over be a call to get_roles_under?
--
Jim Nasby jim(at)nasby(dot)net
EnterpriseDB http://enterprisedb.com 512.569.9461 (cell)