Update documentation for postgresql_user
This commit is contained in:
parent
de207dc3fa
commit
07580692f5
1 changed files with 27 additions and 4 deletions
|
@ -5,8 +5,8 @@ postgresql_user
|
|||
|
||||
.. versionadded:: 0.6
|
||||
|
||||
Add or remove PostgreSQL users (roles) from a remote host, and grant the users
|
||||
access to an existing database.
|
||||
Add or remove PostgreSQL users (roles) from a remote host and, optionally, grant the users
|
||||
access to an existing database or tables.
|
||||
|
||||
The default authentication assumes that you are either logging in as or
|
||||
sudo'ing to the postgres account on the host.
|
||||
|
@ -25,7 +25,11 @@ host before using this module.
|
|||
+--------------------+----------+----------+----------------------------------------------------------------------------+
|
||||
| password | yes | | set the user's password |
|
||||
+--------------------+----------+----------+----------------------------------------------------------------------------+
|
||||
| db | yes | | name of an existing database to grant user access to |
|
||||
| db | no | | name of database where permissions will be granted |
|
||||
+--------------------+----------+----------+----------------------------------------------------------------------------+
|
||||
| priv | no | | PostgreSQL privileges string in the format: table:priv1,priv2 |
|
||||
+--------------------+----------+----------+----------------------------------------------------------------------------+
|
||||
| fail_on_user | no | yes | if yes, fail when user can't be removed. Otherwise just log and continue |
|
||||
+--------------------+----------+----------+----------------------------------------------------------------------------+
|
||||
| login_user | no | postgres | user (role) used to authenticate with PostgreSQL |
|
||||
+--------------------+----------+----------+----------------------------------------------------------------------------+
|
||||
|
@ -36,7 +40,26 @@ host before using this module.
|
|||
| state | | present | 'absent' or 'present' |
|
||||
+--------------------+----------+----------+----------------------------------------------------------------------------+
|
||||
|
||||
The fundamental function of the module is to create, or delete, roles from a PostgreSQL cluster.
|
||||
Privilege assignment, or removal, is an optional step, which works on one database at a time.
|
||||
This allows for the module to be called several times in the same module to modify the permissions on
|
||||
different databases, or to grant permissions to already existing users.
|
||||
|
||||
A user cannot be removed untill all the privileges have been stripped from the user. In such situation,
|
||||
if the module tries to remove the user it will fail. To avoid this from happening the *fail_on_user* option
|
||||
signals the module to try to remove the user, but if not possible keep going; the module will report if changes
|
||||
happened and separately if the user was removed or not.
|
||||
|
||||
Example privileges string format:
|
||||
|
||||
INSERT,UPDATE/table:SELECT/anothertable:ALL
|
||||
|
||||
Example action from Ansible :doc:`playbooks`::
|
||||
|
||||
postgresql_user db=acme user=django password=ceec4eif7ya
|
||||
- name: Create django user and grant access to database and products table
|
||||
postgresql_user db=acme user=django password=ceec4eif7ya privs=CONNECT/products:ALL
|
||||
|
||||
- name: Remove test user privileges from acme
|
||||
postgresql_user db=acme user=test privs=ALL/products:ALL state=absent fail_on_user=no
|
||||
- name: Remove test user from test database and the cluster
|
||||
postgresql_user db=test user=test privs=ALL state=absent
|
||||
|
|
Loading…
Reference in a new issue