Merge pull request #10 from Riskified/DEV-84165-fix-read-grants

fix table & sequence read grants
Riskified · Feb 20, 2024 · 154d0ce · 154d0ce
2 parents e418939 + 7f26a6f
commit 154d0ce
Showing 1 changed file with 11 additions and 4 deletions.
diff --git a/postgresql/resource_postgresql_grant.go b/postgresql/resource_postgresql_grant.go
@@ -479,7 +479,12 @@ GROUP BY pg_proc.proname
 		return readColumnRolePrivileges(txn, d)
 
 	default:
-		query = `
+		if !db.featureSupported(fetureAclExplode) {
+			query = fmt.Sprintf("with a as (show tables from %s) , b as (show grants on table * for %s) select a.table_name,  array_agg(privilege_type) from a inner join b on a.table_name=b.table_name and a.schema_name = b.schema_name  where a.type='%s'  and grantee= '%s' group by a.table_name;", d.Get("schema"), role, objectType, role)
+			rows, err = txn.Query(
+				query)
+		} else {
+			query = `
 SELECT pg_class.relname, array_remove(array_agg(privilege_type), NULL)
 FROM pg_class
 JOIN pg_namespace ON pg_namespace.oid = pg_class.relnamespace
@@ -493,9 +498,11 @@ USING (relname, relnamespace, relkind)
 WHERE nspname = $2 AND relkind = $3
 GROUP BY pg_class.relname
 `
-		rows, err = txn.Query(
-			query, roleOID, d.Get("schema"), objectTypes[objectType],
-		)
+
+			rows, err = txn.Query(
+				query, roleOID, d.Get("schema"), objectTypes[objectType],
+			)
+		}
 	}
 
 	// This returns, for the specified role (rolname),