salt.states.postgres_privileges

Management of PostgreSQL Privileges

The postgres_privileges module is used to manage Postgres privileges. Privileges can be set as either absent or present.

Privileges can be set on the following database object types:

  • database
  • schema
  • tablespace
  • table
  • sequence
  • language
  • group

Setting the grant option is supported as well.

New in version 2016.3.0.

baruwa:
  postgres_privileges.present:
    - object_name: awl
    - object_type: table
    - privileges:
      - SELECT
      - INSERT
      - DELETE
    - grant_option: False
    - prepend: public
    - maintenance_db: testdb
andrew:
  postgres_privileges.present:
    - object_name: admins
    - object_type: group
    - grant_option: False
    - maintenance_db: testdb
baruwa:
  postgres_privileges.absent:
    - object_name: awl
    - object_type: table
    - privileges:
      - SELECT
      - INSERT
      - DELETE
    - prepend: public
    - maintenance_db: testdb
andrew:
  postgres_privileges.absent:
    - object_name: admins
    - object_type: group
    - maintenance_db: testdb
salt.states.postgres_privileges.absent(name, object_name, object_type, privileges=None, prepend='public', maintenance_db=None, user=None, db_password=None, db_host=None, db_port=None, db_user=None)

Revoke the requested privilege(s) on the specificed object(s)

name
Name of the role whose privileges should be revoked
object_name
Name of the object on which the revoke is to be performed
object_type

The object type, which can be one of the following:

  • table
  • sequence
  • schema
  • tablespace
  • language
  • database
  • group
  • function

View permissions should specify object_type: table.

privileges

Comma separated list of privileges to revoke, from the list below:

  • INSERT
  • CREATE
  • TRUNCATE
  • CONNECT
  • TRIGGER
  • SELECT
  • USAGE
  • TEMPORARY
  • UPDATE
  • EXECUTE
  • REFERENCES
  • DELETE
  • ALL
note:privileges should not be set when revoking group membership
prepend
Table and Sequence object types live under a schema so this should be provided if the object is not under the default public schema
maintenance_db
The name of the database in which the language is to be installed
user
System user all operations should be performed on behalf of
db_user
database username if different from config or default
db_password
user password if any password for a specified user
db_host
Database host if different from config or default
db_port
Database port if different from config or default
salt.states.postgres_privileges.present(name, object_name, object_type, privileges=None, grant_option=None, prepend='public', maintenance_db=None, user=None, db_password=None, db_host=None, db_port=None, db_user=None)

Grant the requested privilege(s) on the specified object to a role

name
Name of the role to which privileges should be granted
object_name
Name of the object on which the grant is to be performed. 'ALL' may be used for objects of type 'table' or 'sequence'.
object_type

The object type, which can be one of the following:

  • table
  • sequence
  • schema
  • tablespace
  • language
  • database
  • group
  • function

View permissions should specify object_type: table.

privileges

List of privileges to grant, from the list below:

  • INSERT
  • CREATE
  • TRUNCATE
  • CONNECT
  • TRIGGER
  • SELECT
  • USAGE
  • TEMPORARY
  • UPDATE
  • EXECUTE
  • REFERENCES
  • DELETE
  • ALL
note:privileges should not be set when granting group membership
grant_option
If grant_option is set to True, the recipient of the privilege can in turn grant it to others
prepend
Table and Sequence object types live under a schema so this should be provided if the object is not under the default public schema
maintenance_db
The name of the database in which the language is to be installed
user
System user all operations should be performed on behalf of
db_user
database username if different from config or default
db_password
user password if any password for a specified user
db_host
Database host if different from config or default
db_port
Database port if different from config or default