pgperms: Declarative / config as code for PostgreSQL permissions

From: Jille Timmermans <jille(at)quis(dot)cx>
To: pgsql-admin(at)lists(dot)postgresql(dot)org
Subject: pgperms: Declarative / config as code for PostgreSQL permissions
Date: 2023-01-24 19:42:58
Message-ID: 94e773aa6934b303dfce44c0ee46c744@quis.cx
Lists: pgsql-admin

Hey all,

I wrote a tool that can manage PostgreSQL permissions from a config
file. The config file describes your desired roles and grants and syncs
them to your PostgreSQL cluster. This allows you to manage your
permissions in Git, for example.

You can find detailed instructions and the binaries at
https://github.com/SnoozeThis-org/pgperms.

Here's some example config to show its features:

> roles:
>   yourname:
>     password: SCRAM-SHA-256$4096:...
>     createdb: true
> databases:
>   - mydatabase
> schemas:
>   - mydatabase.myschema
> database_privileges:
>   - roles: [yourname]
>     privileges: [CONNECT, TEMPORARY]
>     databases: [mydatabase]
> schema_privileges:
>   - roles: [yourname]
>     privileges: [CREATE, USAGE]
>     schemas: [mydatabase.myschema]
> table_privileges:
>   - roles: [yourname]
>     privileges: [SELECT, INSERT, UPDATE]
>     tables: [mydatabase.otherschema.*]

Let me know if you find any bugs or need any missing features. It'd be
great to hear people find this useful :)

-- Jille
Development of pgperms is sponsored by SnoozeThis: a bot that can hold
on to your blocked issues until they're actionable
(https://www.snoozethis.com)
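
The idea of syncing declared grants to a cluster, as an added example that is not part of the original message and is not pgperms' own code: it diffs a desired set of table grants against the current set and returns the GRANT and REVOKE statements that close the gap. The `Grant` type, `reconcile`, `quoteIdent` and the sample data are assumptions made for illustration; wildcard expansion such as `otherschema.*` is not modelled.

```go
package main

import (
	"fmt"
	"strings"
)

// Grant is one (role, privilege, table) tuple; a hypothetical type for this sketch.
type Grant struct{ Role, Privilege, Table string }

// Privilege keywords cannot be quoted, so they are checked against an allowlist.
var tablePrivs = map[string]bool{"SELECT": true, "INSERT": true, "UPDATE": true,
	"DELETE": true, "TRUNCATE": true, "REFERENCES": true, "TRIGGER": true}

// quoteIdent double-quotes each dot-separated part so config names stay identifiers.
func quoteIdent(name string) string {
	return `"` + strings.ReplaceAll(strings.ReplaceAll(name, `"`, `""`), ".", `"."`) + `"`
}

// reconcile GRANTs what is declared but missing and REVOKEs what exists but is undeclared.
func reconcile(desired, actual []Grant) ([]string, error) {
	want, have := map[Grant]bool{}, map[Grant]bool{}
	for _, g := range desired {
		want[g] = true
	}
	for _, g := range actual {
		have[g] = true
	}
	var out []string
	for _, g := range append(append([]Grant{}, desired...), actual...) {
		if !tablePrivs[g.Privilege] {
			return nil, fmt.Errorf("unknown table privilege %q", g.Privilege)
		}
		if want[g] && !have[g] {
			out = append(out, fmt.Sprintf("GRANT %s ON TABLE %s TO %s;", g.Privilege, quoteIdent(g.Table), quoteIdent(g.Role)))
		} else if have[g] && !want[g] {
			out = append(out, fmt.Sprintf("REVOKE %s ON TABLE %s FROM %s;", g.Privilege, quoteIdent(g.Table), quoteIdent(g.Role)))
		}
		want[g], have[g] = true, true // mark handled so duplicates emit once
	}
	return out, nil
}

func main() {
	// Constructed sample state; a real tool would read the current grants from the catalog.
	want := []Grant{{"yourname", "SELECT", "otherschema.t1"}, {"yourname", "INSERT", "otherschema.t1"}}
	have := []Grant{{"yourname", "SELECT", "otherschema.t1"}, {"yourname", "DELETE", "otherschema.t1"}}
	fmt.Println(reconcile(want, have))
}
```

The REVOKE branch is what makes the config file authoritative: a grant added by hand on the cluster shows up in the plan instead of lingering unnoticed.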
