From cc130391343f8196e474c2dbc5eb2497e09c3e4e Mon Sep 17 00:00:00 2001
From: Jessie Chen
Date: Tue, 8 Aug 2023 19:33:26 -0700
Subject: [PATCH] migrate from pg_user
---
 .../redshift/macros/adapters/apply_grants.sql | 52 +++++++++++--------
 1 file changed, 30 insertions(+), 22 deletions(-)
diff --git a/dbt/include/redshift/macros/adapters/apply_grants.sql b/dbt/include/redshift/macros/adapters/apply_grants.sql
index fa6523a26..dfda4dbb7 100644
--- a/dbt/include/redshift/macros/adapters/apply_grants.sql
+++ b/dbt/include/redshift/macros/adapters/apply_grants.sql
@@ -1,27 +1,35 @@
-{% macro redshift__get_show_grant_sql(relation) %}
-
-with privileges as (
+{% macro get_users() %}
+{% call statement('get_users_list', fetch_result=True) -%}
+select
+ distinct user_name
+from svv_user_info
+where
+ user_name != current_user
+ and superuser = false
+ {% endcall %}
- -- valid options per https://docs.aws.amazon.com/redshift/latest/dg/r_HAS_TABLE_PRIVILEGE.html
- select 'select' as privilege_type
- union all
- select 'insert' as privilege_type
- union all
- select 'update' as privilege_type
- union all
- select 'delete' as privilege_type
- union all
- select 'references' as privilege_type
+{{ return(load_result('get_users_list').table) }}
+{% endmacro %}
-)
+{% macro redshift__get_show_grant_sql(relation) %}
+{% set users_list = get_users() %}
+{%- set users_list = users_list.columns[0].values() -%}
+{%- set user_privilege_list = [] -%}
+{% for username in users_list %}
+ {{ user_privilege_list.append((username, 'select')) }}
+ {{ user_privilege_list.append((username, 'insert')) }}
+ {{ user_privilege_list.append((username, 'update')) }}
+ {{ user_privilege_list.append((username, 'delete')) }}
+ {{ user_privilege_list.append((username, 'references')) }}
+{% endfor %}
-select
- u.usename as grantee,
- p.privilege_type
-from pg_user u
-cross join privileges p
-where has_table_privilege(u.usename, '{{ relation }}', privilege_type)
- and u.usename != current_user
- and not u.usesuper
+{% for username, privilege in (user_privilege_list) %}
+ select '{{ username }}' as grantee,
+ '{{ privilege }}' as privilege_type
+ where has_table_privilege('{{ username }}', '{{ relation }}', '{{ privilege }}')
+ {% if not loop.last %}
+ union all
+ {% endif %}
+{% endfor %}
 {% endmacro %}
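Review bot: The final loop renders each `username` read from `svv_user_info` straight into single-quoted SQL literals (`'{{ username }}'` in the select list and again in the `has_table_privilege` call), whereas the removed query passed `u.usename` as a column value and never built SQL text from stored names. If the warehouse admits a user name containing a single quote (for example through a delimited identifier), the generated statement breaks or changes meaning, so the value should be escaped at render time, e.g. `'{{ username | replace("'", "''") }}'`. The `{{ user_privilege_list.append(...) }}` lines are output expressions and in standard Jinja would print `None` into the returned SQL; `{% do user_privilege_list.append((username, 'select')) %}` avoids that. When `get_users()` returns no rows the macro renders no statement at all, where the old query simply returned an empty result, so an explicit branch for the empty list seems needed. A short comment above the loop saying why the user list is expanded client-side instead of joined in SQL would also help the next reader.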