Possibility of adding privileges to objects

[abyss-ms]

Hi @vitabaks I have a question regarding the possibility of adding privileges for users. In the postgresql_cluster project, we can find roles for adding users, databases, and schemas, but there doesn't seem to be an option to add privileges or create a role with specific privileges. Sometimes, it is necessary to create a role (or add a specific privilege to user) like pg_ls_waldir() for example for monitoring purposes. Additionally, some users or service accounts should not have full read/write access to the database.

Is it not possible to add privileges, or is there a solution that I might have missed?

Thank you in advance for your response.

[vitabaks]

Hi @abyss-ms

For this task, we can create roles to perform modules such as postgresql_owner, postgresql_membership and postgresql_privs modules. Or postgresql_query as a more versatile option.

in the meantime, you have the opportunity to use post_deploy_command variable, in which you can specify any script / command that will be executed after the cluster deployment.

[abyss-ms]

Cool. Thank you for your reply. Nice to know about post_deploy_command variable - I haden't noticed it :) I will try to prepare something regarding postgresql_privs soon then.