|
|
@ -136,7 +136,7 @@ EXAMPLES = """
|
|
|
|
# On database "library":
|
|
|
|
# On database "library":
|
|
|
|
# GRANT SELECT, INSERT, UPDATE ON TABLE public.books, public.authors
|
|
|
|
# GRANT SELECT, INSERT, UPDATE ON TABLE public.books, public.authors
|
|
|
|
# TO librarian, reader WITH GRANT OPTION
|
|
|
|
# TO librarian, reader WITH GRANT OPTION
|
|
|
|
postgresql_privs: >
|
|
|
|
- postgresql_privs: >
|
|
|
|
database=library
|
|
|
|
database=library
|
|
|
|
state=present
|
|
|
|
state=present
|
|
|
|
privs=SELECT,INSERT,UPDATE
|
|
|
|
privs=SELECT,INSERT,UPDATE
|
|
|
@ -147,7 +147,7 @@ postgresql_privs: >
|
|
|
|
grant_option=yes
|
|
|
|
grant_option=yes
|
|
|
|
|
|
|
|
|
|
|
|
# Same as above leveraging default values:
|
|
|
|
# Same as above leveraging default values:
|
|
|
|
postgresql_privs: >
|
|
|
|
- postgresql_privs: >
|
|
|
|
db=library
|
|
|
|
db=library
|
|
|
|
privs=SELECT,INSERT,UPDATE
|
|
|
|
privs=SELECT,INSERT,UPDATE
|
|
|
|
objs=books,authors
|
|
|
|
objs=books,authors
|
|
|
@ -157,7 +157,7 @@ postgresql_privs: >
|
|
|
|
# REVOKE GRANT OPTION FOR INSERT ON TABLE books FROM reader
|
|
|
|
# REVOKE GRANT OPTION FOR INSERT ON TABLE books FROM reader
|
|
|
|
# Note that role "reader" will be *granted* INSERT privilege itself if this
|
|
|
|
# Note that role "reader" will be *granted* INSERT privilege itself if this
|
|
|
|
# isn't already the case (since state=present).
|
|
|
|
# isn't already the case (since state=present).
|
|
|
|
postgresql_privs: >
|
|
|
|
- postgresql_privs: >
|
|
|
|
db=library
|
|
|
|
db=library
|
|
|
|
state=present
|
|
|
|
state=present
|
|
|
|
priv=INSERT
|
|
|
|
priv=INSERT
|
|
|
@ -167,7 +167,7 @@ postgresql_privs: >
|
|
|
|
|
|
|
|
|
|
|
|
# REVOKE INSERT, UPDATE ON ALL TABLES IN SCHEMA public FROM reader
|
|
|
|
# REVOKE INSERT, UPDATE ON ALL TABLES IN SCHEMA public FROM reader
|
|
|
|
# "public" is the default schema. This also works for PostgreSQL 8.x.
|
|
|
|
# "public" is the default schema. This also works for PostgreSQL 8.x.
|
|
|
|
postgresql_privs: >
|
|
|
|
- postgresql_privs: >
|
|
|
|
db=library
|
|
|
|
db=library
|
|
|
|
state=absent
|
|
|
|
state=absent
|
|
|
|
privs=INSERT,UPDATE
|
|
|
|
privs=INSERT,UPDATE
|
|
|
@ -175,7 +175,7 @@ postgresql_privs: >
|
|
|
|
role=reader
|
|
|
|
role=reader
|
|
|
|
|
|
|
|
|
|
|
|
# GRANT ALL PRIVILEGES ON SCHEMA public, math TO librarian
|
|
|
|
# GRANT ALL PRIVILEGES ON SCHEMA public, math TO librarian
|
|
|
|
postgresql_privs: >
|
|
|
|
- postgresql_privs: >
|
|
|
|
db=library
|
|
|
|
db=library
|
|
|
|
privs=ALL
|
|
|
|
privs=ALL
|
|
|
|
type=schema
|
|
|
|
type=schema
|
|
|
@ -184,7 +184,7 @@ postgresql_privs: >
|
|
|
|
|
|
|
|
|
|
|
|
# GRANT ALL PRIVILEGES ON FUNCTION math.add(int, int) TO librarian, reader
|
|
|
|
# GRANT ALL PRIVILEGES ON FUNCTION math.add(int, int) TO librarian, reader
|
|
|
|
# Note the separation of arguments with colons.
|
|
|
|
# Note the separation of arguments with colons.
|
|
|
|
postgresql_privs: >
|
|
|
|
- postgresql_privs: >
|
|
|
|
db=library
|
|
|
|
db=library
|
|
|
|
privs=ALL
|
|
|
|
privs=ALL
|
|
|
|
type=function
|
|
|
|
type=function
|
|
|
@ -195,7 +195,7 @@ postgresql_privs: >
|
|
|
|
# GRANT librarian, reader TO alice, bob WITH ADMIN OPTION
|
|
|
|
# GRANT librarian, reader TO alice, bob WITH ADMIN OPTION
|
|
|
|
# Note that group role memberships apply cluster-wide and therefore are not
|
|
|
|
# Note that group role memberships apply cluster-wide and therefore are not
|
|
|
|
# restricted to database "library" here.
|
|
|
|
# restricted to database "library" here.
|
|
|
|
postgresql_privs: >
|
|
|
|
- postgresql_privs: >
|
|
|
|
db=library
|
|
|
|
db=library
|
|
|
|
type=group
|
|
|
|
type=group
|
|
|
|
objs=librarian,reader
|
|
|
|
objs=librarian,reader
|
|
|
@ -205,7 +205,7 @@ postgresql_privs: >
|
|
|
|
# GRANT ALL PRIVILEGES ON DATABASE library TO librarian
|
|
|
|
# GRANT ALL PRIVILEGES ON DATABASE library TO librarian
|
|
|
|
# Note that here "db=postgres" specifies the database to connect to, not the
|
|
|
|
# Note that here "db=postgres" specifies the database to connect to, not the
|
|
|
|
# database to grant privileges on (which is specified via the "objs" param)
|
|
|
|
# database to grant privileges on (which is specified via the "objs" param)
|
|
|
|
postgresql_privs: >
|
|
|
|
- postgresql_privs: >
|
|
|
|
db=postgres
|
|
|
|
db=postgres
|
|
|
|
privs=ALL
|
|
|
|
privs=ALL
|
|
|
|
type=database
|
|
|
|
type=database
|
|
|
@ -215,7 +215,7 @@ postgresql_privs: >
|
|
|
|
# GRANT ALL PRIVILEGES ON DATABASE library TO librarian
|
|
|
|
# GRANT ALL PRIVILEGES ON DATABASE library TO librarian
|
|
|
|
# If objs is omitted for type "database", it defaults to the database
|
|
|
|
# If objs is omitted for type "database", it defaults to the database
|
|
|
|
# to which the connection is established
|
|
|
|
# to which the connection is established
|
|
|
|
postgresql_privs: >
|
|
|
|
- postgresql_privs: >
|
|
|
|
db=library
|
|
|
|
db=library
|
|
|
|
privs=ALL
|
|
|
|
privs=ALL
|
|
|
|
type=database
|
|
|
|
type=database
|
|
|
|