Monday, December 11, 2017

How to define a user with SELECT privileges with puppet?


I want to create a user in postgres who can only run SELECT on all the tables of the current database. How can I specify ALL tables in puppet?

Here is an extract of my puppet file:

    ...
    postgresql::server::database_grant { 'PnBP':
      privilege => 'CREATE',
      db        => 'db',
      role      => 'role',
    }

    postgresql::server::table_grant { 'SELECT':
      privilege => 'SELECT',
      table     => 'ALL',
      db        => 'db',
      role      => 'role',
    }
    ...

But when I specify the word ALL it doesn't work. Here is the error:

Error: /Stage[main]/Main/Node[default]/Postgresql::Server::Table_grant[PnBP]/Postgresql::Server::Grant[table:PnBP]/Postgresql_psql[grant:table:PnBP]: Could not evaluate: Error evaluating 'unless' clause, returned pid 30443 exit 1: 'ERROR: relation "all" does not exist '

I checked the doc, but it doesn't specify how to apply the privileges for all the tables.

table : Specifies the table to which you are granting access.

postgresql::server::table_grant

Answers 1

The Puppet documentation for Postgresql describes a postgresql::server::grant option that looks more flexible than the table_grant which assumes a single table.

Looks to be something like:

    postgresql::server::grant { 'SELECT':
      object_type => 'ALL TABLES IN SCHEMA',
      object_name => 'public',
      privilege   => 'SELECT',
      db          => 'db',
      role        => 'role',
    }

https://github.com/puppetlabs/puppetlabs-postgresql#postgresqlservergrant
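A fuller least-privilege manifest for a read-only role, built around the `ALL TABLES IN SCHEMA` grant from the answer above. This is an added example, not code from the original question or answer; the resource titles are made up for illustration, and it assumes the `postgresql::server` class is declared and the database `db` is managed elsewhere in the catalog.

```puppet
# Added example. 'db', 'role' and 'public' are the placeholder names used on
# this page; the resource titles ('role-connect-db', ...) are hypothetical.

# Login role with no administrative attributes.
postgresql::server::role { 'role':
  login      => true,
  superuser  => false,
  createdb   => false,
  createrole => false,
}

# CONNECT is all a read-only account needs at database level.
# (CREATE on a database would let the role create new schemas.)
postgresql::server::database_grant { 'role-connect-db':
  privilege => 'CONNECT',
  db        => 'db',
  role      => 'role',
  require   => Postgresql::Server::Role['role'],
}

# USAGE on the schema, stated explicitly so the role still works on servers
# where the default PUBLIC privileges on the schema have been revoked.
postgresql::server::grant { 'role-usage-public':
  object_type => 'SCHEMA',
  object_name => 'public',
  privilege   => 'USAGE',
  db          => 'db',
  role        => 'role',
  require     => Postgresql::Server::Role['role'],
}

# SELECT on every table that currently exists in the schema.
postgresql::server::grant { 'role-select-public-tables':
  object_type => 'ALL TABLES IN SCHEMA',
  object_name => 'public',
  privilege   => 'SELECT',
  db          => 'db',
  role        => 'role',
  require     => Postgresql::Server::Grant['role-usage-public'],
}
```

In PostgreSQL, `GRANT ... ON ALL TABLES IN SCHEMA` covers only the tables that exist when the statement runs; tables created later need the grant applied again or default privileges set with `ALTER DEFAULT PRIVILEGES`.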
