权限管理 - Role based Access Control

CREATE ROLE bi_users;
CREATE ROLE data_analysts;

CREATE USER dan PASSWORD 'Redshift123' ;
GRANT ROLE data_analysts to dan;

CREATE USER sam PASSWORD 'Redshift123';
GRANT ROLE bi_users to sam;

CREATE VIEW supplier_view AS SELECT * FROM tpc.public.supplier WITH NO SCHEMA BINDING;
CREATE VIEW lineitem_view AS SELECT * FROM tpc.public.lineitem WITH NO SCHEMA BINDING;
CREATE VIEW nation_view AS SELECT * FROM tpc.public.nation WITH NO SCHEMA BINDING;
CREATE VIEW orders_view AS SELECT * FROM tpc.public.orders WITH NO SCHEMA BINDING;
CREATE VIEW part_view AS SELECT * FROM tpc.public.part WITH NO SCHEMA BINDING;
CREATE VIEW partsupp_view AS SELECT * FROM tpc.public.partsupp WITH NO SCHEMA BINDING;
CREATE VIEW region_view AS SELECT * FROM tpc.public.region WITH NO SCHEMA BINDING;

CREATE VIEW supplier_shipmode_agg as
select l_suppkey, l_shipmode, datepart(year, L_SHIPDATE) l_shipyear,
SUM(L_QUANTITY) TOTAL_QTY,
SUM(L_DISCOUNT) TOTAL_DISCOUNT,
SUM(L_TAX) TOTAL_TAX,
SUM(L_EXTENDEDPRICE) TOTAL_EXTENDEDPRICE
from tpc.public.lineitem
group by 1,2,3
WITH NO SCHEMA BINDING;

GRANT SELECT ON 
lineitem_view, 
nation_view,
orders_view,
part_view,
partsupp_view,
region_view,
supplier_view
TO ROLE data_analysts;

GRANT SELECT ON supplier_shipmode_agg
TO ROLE bi_users;

Select * from nation_view limit 100;

Select * from supplier_shipmode_agg limit 100;

Select * from supplier_shipmode_agg limit 100;

Select * from nation_view limit 100;