diff --git a/dbt/include/redshift/macros/adapters/apply_grants.sql b/dbt/include/redshift/macros/adapters/apply_grants.sql
index fa6523a26..dfda4dbb7 100644
--- a/dbt/include/redshift/macros/adapters/apply_grants.sql
+++ b/dbt/include/redshift/macros/adapters/apply_grants.sql
@@ -1,27 +1,35 @@
-{% macro redshift__get_show_grant_sql(relation) %}
-
-with privileges as (
+{% macro get_users() %}
+{% call statement('get_users_list', fetch_result=True) -%}
+select
+ distinct user_name
+from svv_user_info
+where
+ user_name != current_user
+ and superuser = false
+ {% endcall %}
 
- -- valid options per https://docs.aws.amazon.com/redshift/latest/dg/r_HAS_TABLE_PRIVILEGE.html
- select 'select' as privilege_type
- union all
- select 'insert' as privilege_type
- union all
- select 'update' as privilege_type
- union all
- select 'delete' as privilege_type
- union all
- select 'references' as privilege_type
+{{ return(load_result('get_users_list').table) }}
+{% endmacro %}
 
-)
+{% macro redshift__get_show_grant_sql(relation) %}
+{% set users_list = get_users() %}
+{%- set users_list = users_list.columns[0].values() -%}
+{%- set user_privilege_list = [] -%}
+{% for username in users_list %}
+ {{ user_privilege_list.append((username, 'select')) }}
+ {{ user_privilege_list.append((username, 'insert')) }}
+ {{ user_privilege_list.append((username, 'update')) }}
+ {{ user_privilege_list.append((username, 'delete')) }}
+ {{ user_privilege_list.append((username, 'references')) }}
+{% endfor %}
 
-select
- u.usename as grantee,
- p.privilege_type
-from pg_user u
-cross join privileges p
-where has_table_privilege(u.usename, '{{ relation }}', privilege_type)
- and u.usename != current_user
- and not u.usesuper
+{% for username, privilege in (user_privilege_list) %}
+ select '{{ username }}' as grantee,
+ '{{ privilege }}' as privilege_type
+ where has_table_privilege('{{ username }}', '{{ relation }}', '{{ privilege }}')
+ {% if not loop.last %}
+ union all
+ {% endif %}
+{% endfor %}
 
 {% endmacro %}
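Review bot: The new final loop renders each `username` read from `svv_user_info` straight into single-quoted literals (`select '{{ username }}' as grantee` and the first argument of `has_table_privilege`), whereas the removed query passed `u.usename` as a column and never put a name into the SQL text. If a user name can contain a single quote, the generated statement breaks or changes meaning under the dbt connection's privileges, so the value should be escaped where it is rendered, e.g. `'{{ username | replace("'", "''") }}'` in both places. Separately, the `{{ user_privilege_list.append(...) }}` lines are output expressions, which in Jinja print the call's return value (`None`) into the rendered SQL; `{% do user_privilege_list.append((username, 'select')) %}` avoids that. When `get_users()` returns no rows the macro renders no statement at all, which the caller may not expect.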