HAS_ASSUMEROLE_PRIVILEGE - Amazon Redshift

HAS_ASSUMEROLE_PRIVILEGE

Returns Boolean true (t) if the specified user has the specified IAM role with the privilege to run the specified command. The function returns false (f) if the user doesn't have the specified IAM role with the privilege to run the specified command. For more information about privileges, see GRANT.

Syntax

has_assumerole_privilege( [ user, ] iam_role_arn, cmd_type)

Arguments

user

The name of the user to check for IAM role privileges. The default is to check the current user. Superusers and users can use this function. However, users can only view their own privileges.

iam_role_arn

The IAM role that has been granted the command privileges.

cmd_type

The command for which access has been granted. Valid values are the following:

  • COPY

  • UNLOAD

  • EXTERNAL FUNCTION

  • CREATE MODEL

Return type

BOOLEAN

Example

The following query confirms that the user reg_user1 has the privilege for the Redshift-S3-Read role to run the COPY command.

select has_assumerole_privilege('reg_user1', 'arn:aws:iam::123456789012:role/Redshift-S3-Read', 'copy');
has_assumerole_privilege
------------------------
true
(1 row)
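
The following query is an added example, not part of the original documentation. It checks reg_user1 against each of the four valid cmd_type values for the same role, so a reviewer can confirm that a role intended only for COPY has not also been granted for UNLOAD or the other commands. The lowercase command strings follow the casing of the 'copy' example above and are an assumption for the other three values.

```sql
-- Added example: least-privilege check for one user and one IAM role.
-- One row per cmd_type listed under Arguments; "allowed" is the function's
-- Boolean result for that command.
-- The user name and role ARN are the ones used in the example above.
-- Assumption: 'unload', 'external function' and 'create model' are accepted
-- in lowercase, as 'copy' is in the documented example.
select 'COPY' as cmd_type,
       has_assumerole_privilege('reg_user1',
           'arn:aws:iam::123456789012:role/Redshift-S3-Read',
           'copy') as allowed
union all
select 'UNLOAD',
       has_assumerole_privilege('reg_user1',
           'arn:aws:iam::123456789012:role/Redshift-S3-Read',
           'unload')
union all
select 'EXTERNAL FUNCTION',
       has_assumerole_privilege('reg_user1',
           'arn:aws:iam::123456789012:role/Redshift-S3-Read',
           'external function')
union all
select 'CREATE MODEL',
       has_assumerole_privilege('reg_user1',
           'arn:aws:iam::123456789012:role/Redshift-S3-Read',
           'create model')
order by cmd_type;
```

Any row other than COPY that returns true for a read-only role is a grant to review. Because users can only view their own privileges, run this as a superuser when checking another user.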