authorChristian Cleberg <hello@cleberg.net>2025-04-25 17:37:39 -0500
committerGitHub <noreply@github.com>2025-04-25 22:37:39 +0000
commit86db2585623515fe38347811ec4bf46565d2c44b (patch)
treea0d9860ea8ffeea4ff08939ffdb41c6c8158dd1c /databases/administrators/postgres
parent7ba7b11f85dcca361ba5497d23b33e53f2525b0c (diff)
MySQL & Postgres Enhancements (#5)
* remove mysql login script and add password script * move excess mysql password query to new script * add db admin folders * add postgres * add mongo admins script * Commit from GitHub Actions (Ruff) * update tests for mysql and postgres * update tests for mysql and postgres --------- Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Diffstat (limited to 'databases/administrators/postgres')
-rw-r--r--databases/administrators/postgres/README.org45
-rw-r--r--databases/administrators/postgres/admins.sql22
2 files changed, 67 insertions, 0 deletions
diff --git a/databases/administrators/postgres/README.org b/databases/administrators/postgres/README.org
new file mode 100644
index 0000000..fe361de
--- /dev/null
+++ b/databases/administrators/postgres/README.org
@@ -0,0 +1,45 @@
+#+title: Postgres Admins
+
+* =admins.sql=
+
+#+begin_src sql
+SELECT
+ r.rolname AS role_name,
+ r.rolsuper AS is_superuser,
+ r.rolinherit AS inherits_privileges,
+ r.rolcreaterole AS can_create_roles,
+ r.rolcreatedb AS can_create_db,
+ r.rolcanlogin AS can_login,
+ r.rolreplication AS can_replication,
+ r.rolconnlimit AS connection_limit,
+ r.rolvaliduntil AS valid_until,
+ ARRAY(
+ SELECT b.rolname
+ FROM pg_auth_members m
+ JOIN pg_roles b ON (m.roleid = b.oid)
+ WHERE m.member = r.oid
+ ) AS member_of
+FROM pg_roles r;
+#+end_src
+
+#+begin_src
+| role_name | is_superuser | inherits_privileges | can_create_roles | can_create_db | can_login | can_replication | connection_limit | valid_until | member_of |
+|-----------------------------+--------------+---------------------+------------------+---------------+-----------+-----------------+------------------+------------------------+--------------------------------------------------------------|
+| cmc | true | true | true | true | true | true | -1 | | {} |
+| pg_database_owner | false | true | false | false | false | false | -1 | | {} |
+| pg_read_all_data | false | true | false | false | false | false | -1 | | {} |
+| pg_write_all_data | false | true | false | false | false | false | -1 | | {} |
+| pg_monitor | false | true | false | false | false | false | -1 | | {pg_read_all_settings,pg_read_all_stats,pg_stat_scan_tables} |
+| pg_read_all_settings | false | true | false | false | false | false | -1 | | {} |
+| pg_read_all_stats | false | true | false | false | false | false | -1 | | {} |
+| pg_stat_scan_tables | false | true | false | false | false | false | -1 | | {} |
+| pg_read_server_files | false | true | false | false | false | false | -1 | | {} |
+| pg_write_server_files | false | true | false | false | false | false | -1 | | {} |
+| pg_execute_server_program | false | true | false | false | false | false | -1 | | {} |
+| pg_signal_backend | false | true | false | false | false | false | -1 | | {} |
+| pg_checkpoint | false | true | false | false | false | false | -1 | | {} |
+| pg_maintain | false | true | false | false | false | false | -1 | | {} |
+| pg_use_reserved_connections | false | true | false | false | false | false | -1 | | {} |
+| pg_create_subscription | false | true | false | false | false | false | -1 | | {} |
+| testuser | false | true | false | false | true | false | -1 | 2025-12-31 00:00:00-06 | {} |
+#+end_src
diff --git a/databases/administrators/postgres/admins.sql b/databases/administrators/postgres/admins.sql
new file mode 100644
index 0000000..6f9d320
--- /dev/null
+++ b/databases/administrators/postgres/admins.sql
@@ -0,0 +1,22 @@
+-- References:
+-- : https://www.postgresql.org/docs/current/user-manag.html
+-- : https://www.postgresql.org/docs/current/view-pg-roles.html
+-- : https://www.postgresql.org/docs/current/catalog-pg-auth-members.html
+
+SELECT
+ r.rolname AS role_name,
+ r.rolsuper AS is_superuser,
+ r.rolinherit AS inherits_privileges,
+ r.rolcreaterole AS can_create_roles,
+ r.rolcreatedb AS can_create_db,
+ r.rolcanlogin AS can_login,
+ r.rolreplication AS can_replication,
+ r.rolconnlimit AS connection_limit,
+ r.rolvaliduntil AS valid_until,
+ ARRAY(
+ SELECT b.rolname
+ FROM pg_auth_members m
+ JOIN pg_roles b ON (m.roleid = b.oid)
+ WHERE m.member = r.oid
+ ) AS member_of
+FROM pg_roles r;
\ No newline at end of file
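Review bot: The `member_of` subquery at the end of the SELECT reports only direct rows from pg_auth_members, so a login role that reaches pg_execute_server_program or pg_write_server_files through an intermediate group role shows just that group's name, and the auditor has to chase the chain by hand. Resolving membership transitively with a recursive CTE, as sketched below, puts the effective predefined roles on the same row. The column list also leaves out `r.rolbypassrls`, which pg_roles exposes and which lets a role skip row-level security; adding `r.rolbypassrls AS can_bypass_rls,` after `can_replication` would surface it. Whether inherited membership is actually usable also depends on `rolinherit` (and, on newer servers, the per-grant options in pg_auth_members), so the output should be read together with `inherits_privileges`.

```sql
-- … unchanged: role attribute columns (role_name … valid_until) …
    ARRAY(
        WITH RECURSIVE granted AS (
            -- roles granted directly to r
            SELECT m.roleid
            FROM pg_auth_members AS m
            WHERE m.member = r.oid
            UNION
            -- roles granted to any role already reached
            SELECT m.roleid
            FROM pg_auth_members AS m
            INNER JOIN granted AS g ON m.member = g.roleid
        )
        SELECT b.rolname
        FROM granted AS g
        INNER JOIN pg_roles AS b ON b.oid = g.roleid
    ) AS member_of
FROM pg_roles AS r;
```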