salt.states.postgres_privileges

Management of PostgreSQL Privileges

The postgres_privileges module is used to manage Postgres privileges. Privileges can be set as either absent or present.

Privileges can be set on the following database object types:

  • database

  • schema

  • tablespace

  • table

  • sequence

  • language

  • group

Setting the grant option is supported as well.

New in version 2016.3.0.

baruwa:
  postgres_privileges.present:
    - object_name: awl
    - object_type: table
    - privileges:
      - SELECT
      - INSERT
      - DELETE
    - grant_option: False
    - prepend: public
    - maintenance_db: testdb
andrew:
  postgres_privileges.present:
    - object_name: admins
    - object_type: group
    - grant_option: False
    - maintenance_db: testdb
baruwa:
  postgres_privileges.absent:
    - object_name: awl
    - object_type: table
    - privileges:
      - SELECT
      - INSERT
      - DELETE
    - prepend: public
    - maintenance_db: testdb
andrew:
  postgres_privileges.absent:
    - object_name: admins
    - object_type: group
    - maintenance_db: testdb
salt.states.postgres_privileges.absent(name, object_name, object_type, privileges=None, prepend='public', maintenance_db=None, user=None, db_password=None, db_host=None, db_port=None, db_user=None)

Revoke the requested privilege(s) on the specificed object(s)

name

Name of the role whose privileges should be revoked

object_name

Name of the object on which the revoke is to be performed

object_type

The object type, which can be one of the following:

  • table

  • sequence

  • schema

  • tablespace

  • language

  • database

  • group

  • function

View permissions should specify object_type: table.

privileges

Comma separated list of privileges to revoke, from the list below:

  • INSERT

  • CREATE

  • TRUNCATE

  • CONNECT

  • TRIGGER

  • SELECT

  • USAGE

  • TEMPORARY

  • UPDATE

  • EXECUTE

  • REFERENCES

  • DELETE

  • ALL

note:

privileges should not be set when revoking group membership

prepend

Table and Sequence object types live under a schema so this should be provided if the object is not under the default public schema

maintenance_db

The name of the database in which the language is to be installed

user

System user all operations should be performed on behalf of

db_user

database username if different from config or default

db_password

user password if any password for a specified user

db_host

Database host if different from config or default

db_port

Database port if different from config or default

salt.states.postgres_privileges.present(name, object_name, object_type, privileges=None, grant_option=None, prepend='public', maintenance_db=None, user=None, db_password=None, db_host=None, db_port=None, db_user=None)

Grant the requested privilege(s) on the specified object to a role

name

Name of the role to which privileges should be granted

object_name

Name of the object on which the grant is to be performed. 'ALL' may be used for objects of type 'table' or 'sequence'.

object_type

The object type, which can be one of the following:

  • table

  • sequence

  • schema

  • tablespace

  • language

  • database

  • group

  • function

View permissions should specify object_type: table.

privileges

List of privileges to grant, from the list below:

  • INSERT

  • CREATE

  • TRUNCATE

  • CONNECT

  • TRIGGER

  • SELECT

  • USAGE

  • TEMPORARY

  • UPDATE

  • EXECUTE

  • REFERENCES

  • DELETE

  • ALL

note:

privileges should not be set when granting group membership

grant_option

If grant_option is set to True, the recipient of the privilege can in turn grant it to others

prepend

Table and Sequence object types live under a schema so this should be provided if the object is not under the default public schema

maintenance_db

The name of the database in which the language is to be installed

user

System user all operations should be performed on behalf of

db_user

database username if different from config or default

db_password

user password if any password for a specified user

db_host

Database host if different from config or default

db_port

Database port if different from config or default