Question

I am trying to revoke a database user's permissions and it seems that permissions can only be revoked by the user who granted them. There is a thread here discussing the issue: http://archives.postgresql.org/pgsql-bugs/2007-05/msg00234.php

The thread dates back to 2007 and I am not quite sure whether it is viewed as a bug and whether that problem is still present in PostgreSQL 8.4, which I am using.

Is there a query or a view that can display that information? That way I can use set session authorization and revoke it.


Solution

PostgreSQL 8.4 is outdated. Check out the versioning policy for details. But since it is the standard behavior of SQL (as Tom Lane states in the linked discussion you provided), it's not likely to have changed.

Privileges are stored in the system catalog with the respective object. For instance, for a table:

SELECT n.nspname, c.relname, c.relacl
FROM   pg_catalog.pg_class c
JOIN   pg_catalog.pg_namespace n ON n.oid = c.relnamespace
WHERE  c.oid = 'myschema.mytbl'::regclass;  -- your table name here

Would produce something like:

 nspname  | relname |                  relacl
----------+---------+---------------------------------------------
 myschema | mytbl   | {postgres=arwdDxt/postgres,fuser=r/fadmin}

The role name after the slash is the grantor. To revoke, as user fadmin (or any superuser):

REVOKE SELECT ON TABLE myschema.mytbl FROM fuser;

There are similar *acl columns in other system tables, for example in pg_namespace for schemas. See the list of system tables in the manual.


A simpler way would be to use pgAdmin and select an object in the object browser to the left. The ACL will be displayed in the properties pane, top right.
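
The catalog lookup and the revoke-as-grantor step from the question and answer above, written out as one session. This is an added example, not part of the original answer; it assumes PostgreSQL 9.3 or later (for aclexplode() and LATERAL, neither of which exists in 8.4), a superuser session, and the answer's sample names myschema.mytbl, fuser and fadmin.

```sql
-- Added example (not from the original answer).
-- Assumes PostgreSQL 9.3+; on 8.4 only the raw relacl text is available.

-- 1. One row per granted privilege, with grantor and grantee as role names.
--    A NULL relacl (no explicit GRANT was ever issued) yields no rows.
SELECT n.nspname,
       c.relname,
       pg_catalog.pg_get_userbyid(a.grantor) AS grantor,
       CASE WHEN a.grantee = 0 THEN 'PUBLIC'   -- grantee OID 0 means PUBLIC
            ELSE pg_catalog.pg_get_userbyid(a.grantee)
       END                                   AS grantee,
       a.privilege_type,
       a.is_grantable
FROM   pg_catalog.pg_class c
JOIN   pg_catalog.pg_namespace n ON n.oid = c.relnamespace
CROSS  JOIN LATERAL pg_catalog.aclexplode(c.relacl) AS a
WHERE  c.oid = 'myschema.mytbl'::regclass
ORDER  BY 3, 4, 5;

-- 2. Revoke as the grantor reported in step 1 (fadmin in the sample output),
--    then drop back to the original session user.
SET SESSION AUTHORIZATION fadmin;
REVOKE SELECT ON TABLE myschema.mytbl FROM fuser;
RESET SESSION AUTHORIZATION;

-- 3. Verify the effective result. This can still return true if fuser
--    holds SELECT through PUBLIC, role membership, or a grant made by
--    a different grantor, so re-run step 1 when it does.
SELECT pg_catalog.has_table_privilege('fuser', 'myschema.mytbl', 'SELECT')
       AS fuser_can_still_select;
```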

Licensed under: CC-BY-SA with attribution