PostgreSQL v3.16.0 published on Tuesday, Sep 2, 2025 by Pulumi
postgresql.Grant
The postgresql.Grant resource creates and manages privileges given to a user for a database schema.
Note: This resource needs Postgresql version 9 or above. Note: Using column & table grants on the same table with the same privileges can lead to unexpected behaviours.
Usage
import * as pulumi from "@pulumi/pulumi";
import * as postgresql from "@pulumi/postgresql";
// Grant SELECT privileges on 2 tables
const readonlyTables = new postgresql.Grant("readonly_tables", {
database: "test_db",
role: "test_role",
schema: "public",
objectType: "table",
objects: [
"table1",
"table2",
],
privileges: ["SELECT"],
});
// Grant SELECT & INSERT privileges on 2 columns in 1 table
const readInsertColumn = new postgresql.Grant("read_insert_column", {
database: "test_db",
role: "test_role",
schema: "public",
objectType: "column",
objects: ["table1"],
columns: [
"col1",
"col2",
],
privileges: [
"UPDATE",
"INSERT",
],
});
import pulumi
import pulumi_postgresql as postgresql
# Grant SELECT privileges on 2 tables
readonly_tables = postgresql.Grant("readonly_tables",
database="test_db",
role="test_role",
schema="public",
object_type="table",
objects=[
"table1",
"table2",
],
privileges=["SELECT"])
# Grant SELECT & INSERT privileges on 2 columns in 1 table
read_insert_column = postgresql.Grant("read_insert_column",
database="test_db",
role="test_role",
schema="public",
object_type="column",
objects=["table1"],
columns=[
"col1",
"col2",
],
privileges=[
"UPDATE",
"INSERT",
])
package main
import (
"github.com/pulumi/pulumi-postgresql/sdk/v3/go/postgresql"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Grant SELECT privileges on 2 tables
_, err := postgresql.NewGrant(ctx, "readonly_tables", &postgresql.GrantArgs{
Database: pulumi.String("test_db"),
Role: pulumi.String("test_role"),
Schema: pulumi.String("public"),
ObjectType: pulumi.String("table"),
Objects: pulumi.StringArray{
pulumi.String("table1"),
pulumi.String("table2"),
},
Privileges: pulumi.StringArray{
pulumi.String("SELECT"),
},
})
if err != nil {
return err
}
// Grant SELECT & INSERT privileges on 2 columns in 1 table
_, err = postgresql.NewGrant(ctx, "read_insert_column", &postgresql.GrantArgs{
Database: pulumi.String("test_db"),
Role: pulumi.String("test_role"),
Schema: pulumi.String("public"),
ObjectType: pulumi.String("column"),
Objects: pulumi.StringArray{
pulumi.String("table1"),
},
Columns: pulumi.StringArray{
pulumi.String("col1"),
pulumi.String("col2"),
},
Privileges: pulumi.StringArray{
pulumi.String("UPDATE"),
pulumi.String("INSERT"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using PostgreSql = Pulumi.PostgreSql;
return await Deployment.RunAsync(() =>
{
// Grant SELECT privileges on 2 tables
var readonlyTables = new PostgreSql.Grant("readonly_tables", new()
{
Database = "test_db",
Role = "test_role",
Schema = "public",
ObjectType = "table",
Objects = new[]
{
"table1",
"table2",
},
Privileges = new[]
{
"SELECT",
},
});
// Grant SELECT & INSERT privileges on 2 columns in 1 table
var readInsertColumn = new PostgreSql.Grant("read_insert_column", new()
{
Database = "test_db",
Role = "test_role",
Schema = "public",
ObjectType = "column",
Objects = new[]
{
"table1",
},
Columns = new[]
{
"col1",
"col2",
},
Privileges = new[]
{
"UPDATE",
"INSERT",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.postgresql.Grant;
import com.pulumi.postgresql.GrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Grant SELECT privileges on 2 tables
var readonlyTables = new Grant("readonlyTables", GrantArgs.builder()
.database("test_db")
.role("test_role")
.schema("public")
.objectType("table")
.objects(
"table1",
"table2")
.privileges("SELECT")
.build());
// Grant SELECT & INSERT privileges on 2 columns in 1 table
var readInsertColumn = new Grant("readInsertColumn", GrantArgs.builder()
.database("test_db")
.role("test_role")
.schema("public")
.objectType("column")
.objects("table1")
.columns(
"col1",
"col2")
.privileges(
"UPDATE",
"INSERT")
.build());
}
}
resources:
# Grant SELECT privileges on 2 tables
readonlyTables:
type: postgresql:Grant
name: readonly_tables
properties:
database: test_db
role: test_role
schema: public
objectType: table
objects:
- table1
- table2
privileges:
- SELECT
# Grant SELECT & INSERT privileges on 2 columns in 1 table
readInsertColumn:
type: postgresql:Grant
name: read_insert_column
properties:
database: test_db
role: test_role
schema: public
objectType: column
objects:
- table1
columns:
- col1
- col2
privileges:
- UPDATE
- INSERT
Examples
Revoke default accesses for public schema:
import * as pulumi from "@pulumi/pulumi";
import * as postgresql from "@pulumi/postgresql";
const revokePublic = new postgresql.Grant("revoke_public", {
database: "test_db",
role: "public",
schema: "public",
objectType: "schema",
privileges: [],
});
import pulumi
import pulumi_postgresql as postgresql
revoke_public = postgresql.Grant("revoke_public",
database="test_db",
role="public",
schema="public",
object_type="schema",
privileges=[])
package main
import (
"github.com/pulumi/pulumi-postgresql/sdk/v3/go/postgresql"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := postgresql.NewGrant(ctx, "revoke_public", &postgresql.GrantArgs{
Database: pulumi.String("test_db"),
Role: pulumi.String("public"),
Schema: pulumi.String("public"),
ObjectType: pulumi.String("schema"),
Privileges: pulumi.StringArray{},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using PostgreSql = Pulumi.PostgreSql;
return await Deployment.RunAsync(() =>
{
var revokePublic = new PostgreSql.Grant("revoke_public", new()
{
Database = "test_db",
Role = "public",
Schema = "public",
ObjectType = "schema",
Privileges = new[] {},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.postgresql.Grant;
import com.pulumi.postgresql.GrantArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var revokePublic = new Grant("revokePublic", GrantArgs.builder()
.database("test_db")
.role("public")
.schema("public")
.objectType("schema")
.privileges()
.build());
}
}
resources:
revokePublic:
type: postgresql:Grant
name: revoke_public
properties:
database: test_db
role: public
schema: public
objectType: schema
privileges: []
Create Grant Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Grant(name: string, args: GrantArgs, opts?: CustomResourceOptions);@overload
def Grant(resource_name: str,
args: GrantArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Grant(resource_name: str,
opts: Optional[ResourceOptions] = None,
database: Optional[str] = None,
object_type: Optional[str] = None,
privileges: Optional[Sequence[str]] = None,
role: Optional[str] = None,
columns: Optional[Sequence[str]] = None,
objects: Optional[Sequence[str]] = None,
schema: Optional[str] = None,
with_grant_option: Optional[bool] = None)func NewGrant(ctx *Context, name string, args GrantArgs, opts ...ResourceOption) (*Grant, error)public Grant(string name, GrantArgs args, CustomResourceOptions? opts = null)type: postgresql:Grant
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GrantArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GrantArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GrantArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GrantArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GrantArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var grantResource = new PostgreSql.Grant("grantResource", new()
{
Database = "string",
ObjectType = "string",
Privileges = new[]
{
"string",
},
Role = "string",
Columns = new[]
{
"string",
},
Objects = new[]
{
"string",
},
Schema = "string",
WithGrantOption = false,
});
example, err := postgresql.NewGrant(ctx, "grantResource", &postgresql.GrantArgs{
Database: pulumi.String("string"),
ObjectType: pulumi.String("string"),
Privileges: pulumi.StringArray{
pulumi.String("string"),
},
Role: pulumi.String("string"),
Columns: pulumi.StringArray{
pulumi.String("string"),
},
Objects: pulumi.StringArray{
pulumi.String("string"),
},
Schema: pulumi.String("string"),
WithGrantOption: pulumi.Bool(false),
})
var grantResource = new Grant("grantResource", GrantArgs.builder()
.database("string")
.objectType("string")
.privileges("string")
.role("string")
.columns("string")
.objects("string")
.schema("string")
.withGrantOption(false)
.build());
grant_resource = postgresql.Grant("grantResource",
database="string",
object_type="string",
privileges=["string"],
role="string",
columns=["string"],
objects=["string"],
schema="string",
with_grant_option=False)
const grantResource = new postgresql.Grant("grantResource", {
database: "string",
objectType: "string",
privileges: ["string"],
role: "string",
columns: ["string"],
objects: ["string"],
schema: "string",
withGrantOption: false,
});
type: postgresql:Grant
properties:
columns:
- string
database: string
objectType: string
objects:
- string
privileges:
- string
role: string
schema: string
withGrantOption: false
Grant Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Grant resource accepts the following input properties:
- Database string
- The database to grant privileges on for this role.
- Object
Type string - The PostgreSQL object type to grant the privileges on (one of: database, schema, table, sequence, function, procedure, routine, foreign_data_wrapper, foreign_server, column).
- Privileges List<string>
- The list of privileges to grant. There are different kinds of privileges: SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, CREATE, CONNECT, TEMPORARY, EXECUTE, and USAGE. An empty list could be provided to revoke all privileges for this role.
- Role string
- The name of the role to grant privileges on, Set it to "public" for all roles.
- Columns List<string>
- The columns upon which to grant the privileges. Required when
object_typeiscolumn. You cannot specify this option if theobject_typeis notcolumn. - Objects List<string>
- The objects upon which to grant the privileges. An empty list (the default) means to grant permissions on all objects of the specified type. You cannot specify this option if the
object_typeisdatabaseorschema. Whenobject_typeiscolumn, only one value is allowed. - Schema string
- The database schema to grant privileges on for this role (Required except if object_type is "database")
- With
Grant boolOption - Whether the recipient of these privileges can grant the same privileges to others. Defaults to false.
- Database string
- The database to grant privileges on for this role.
- Object
Type string - The PostgreSQL object type to grant the privileges on (one of: database, schema, table, sequence, function, procedure, routine, foreign_data_wrapper, foreign_server, column).
- Privileges []string
- The list of privileges to grant. There are different kinds of privileges: SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, CREATE, CONNECT, TEMPORARY, EXECUTE, and USAGE. An empty list could be provided to revoke all privileges for this role.
- Role string
- The name of the role to grant privileges on, Set it to "public" for all roles.
- Columns []string
- The columns upon which to grant the privileges. Required when
object_typeiscolumn. You cannot specify this option if theobject_typeis notcolumn. - Objects []string
- The objects upon which to grant the privileges. An empty list (the default) means to grant permissions on all objects of the specified type. You cannot specify this option if the
object_typeisdatabaseorschema. Whenobject_typeiscolumn, only one value is allowed. - Schema string
- The database schema to grant privileges on for this role (Required except if object_type is "database")
- With
Grant boolOption - Whether the recipient of these privileges can grant the same privileges to others. Defaults to false.
- database String
- The database to grant privileges on for this role.
- object
Type String - The PostgreSQL object type to grant the privileges on (one of: database, schema, table, sequence, function, procedure, routine, foreign_data_wrapper, foreign_server, column).
- privileges List<String>
- The list of privileges to grant. There are different kinds of privileges: SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, CREATE, CONNECT, TEMPORARY, EXECUTE, and USAGE. An empty list could be provided to revoke all privileges for this role.
- role String
- The name of the role to grant privileges on, Set it to "public" for all roles.
- columns List<String>
- The columns upon which to grant the privileges. Required when
object_typeiscolumn. You cannot specify this option if theobject_typeis notcolumn. - objects List<String>
- The objects upon which to grant the privileges. An empty list (the default) means to grant permissions on all objects of the specified type. You cannot specify this option if the
object_typeisdatabaseorschema. Whenobject_typeiscolumn, only one value is allowed. - schema String
- The database schema to grant privileges on for this role (Required except if object_type is "database")
- with
Grant BooleanOption - Whether the recipient of these privileges can grant the same privileges to others. Defaults to false.
- database string
- The database to grant privileges on for this role.
- object
Type string - The PostgreSQL object type to grant the privileges on (one of: database, schema, table, sequence, function, procedure, routine, foreign_data_wrapper, foreign_server, column).
- privileges string[]
- The list of privileges to grant. There are different kinds of privileges: SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, CREATE, CONNECT, TEMPORARY, EXECUTE, and USAGE. An empty list could be provided to revoke all privileges for this role.
- role string
- The name of the role to grant privileges on, Set it to "public" for all roles.
- columns string[]
- The columns upon which to grant the privileges. Required when
object_typeiscolumn. You cannot specify this option if theobject_typeis notcolumn. - objects string[]
- The objects upon which to grant the privileges. An empty list (the default) means to grant permissions on all objects of the specified type. You cannot specify this option if the
object_typeisdatabaseorschema. Whenobject_typeiscolumn, only one value is allowed. - schema string
- The database schema to grant privileges on for this role (Required except if object_type is "database")
- with
Grant booleanOption - Whether the recipient of these privileges can grant the same privileges to others. Defaults to false.
- database str
- The database to grant privileges on for this role.
- object_
type str - The PostgreSQL object type to grant the privileges on (one of: database, schema, table, sequence, function, procedure, routine, foreign_data_wrapper, foreign_server, column).
- privileges Sequence[str]
- The list of privileges to grant. There are different kinds of privileges: SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, CREATE, CONNECT, TEMPORARY, EXECUTE, and USAGE. An empty list could be provided to revoke all privileges for this role.
- role str
- The name of the role to grant privileges on, Set it to "public" for all roles.
- columns Sequence[str]
- The columns upon which to grant the privileges. Required when
object_typeiscolumn. You cannot specify this option if theobject_typeis notcolumn. - objects Sequence[str]
- The objects upon which to grant the privileges. An empty list (the default) means to grant permissions on all objects of the specified type. You cannot specify this option if the
object_typeisdatabaseorschema. Whenobject_typeiscolumn, only one value is allowed. - schema str
- The database schema to grant privileges on for this role (Required except if object_type is "database")
- with_
grant_ booloption - Whether the recipient of these privileges can grant the same privileges to others. Defaults to false.
- database String
- The database to grant privileges on for this role.
- object
Type String - The PostgreSQL object type to grant the privileges on (one of: database, schema, table, sequence, function, procedure, routine, foreign_data_wrapper, foreign_server, column).
- privileges List<String>
- The list of privileges to grant. There are different kinds of privileges: SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, CREATE, CONNECT, TEMPORARY, EXECUTE, and USAGE. An empty list could be provided to revoke all privileges for this role.
- role String
- The name of the role to grant privileges on, Set it to "public" for all roles.
- columns List<String>
- The columns upon which to grant the privileges. Required when
object_typeiscolumn. You cannot specify this option if theobject_typeis notcolumn. - objects List<String>
- The objects upon which to grant the privileges. An empty list (the default) means to grant permissions on all objects of the specified type. You cannot specify this option if the
object_typeisdatabaseorschema. Whenobject_typeiscolumn, only one value is allowed. - schema String
- The database schema to grant privileges on for this role (Required except if object_type is "database")
- with
Grant BooleanOption - Whether the recipient of these privileges can grant the same privileges to others. Defaults to false.
Outputs
All input properties are implicitly available as output properties. Additionally, the Grant resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Grant Resource
Get an existing Grant resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GrantState, opts?: CustomResourceOptions): Grant@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
columns: Optional[Sequence[str]] = None,
database: Optional[str] = None,
object_type: Optional[str] = None,
objects: Optional[Sequence[str]] = None,
privileges: Optional[Sequence[str]] = None,
role: Optional[str] = None,
schema: Optional[str] = None,
with_grant_option: Optional[bool] = None) -> Grantfunc GetGrant(ctx *Context, name string, id IDInput, state *GrantState, opts ...ResourceOption) (*Grant, error)public static Grant Get(string name, Input<string> id, GrantState? state, CustomResourceOptions? opts = null)public static Grant get(String name, Output<String> id, GrantState state, CustomResourceOptions options)resources: _: type: postgresql:Grant get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Columns List<string>
- The columns upon which to grant the privileges. Required when
object_typeiscolumn. You cannot specify this option if theobject_typeis notcolumn. - Database string
- The database to grant privileges on for this role.
- Object
Type string - The PostgreSQL object type to grant the privileges on (one of: database, schema, table, sequence, function, procedure, routine, foreign_data_wrapper, foreign_server, column).
- Objects List<string>
- The objects upon which to grant the privileges. An empty list (the default) means to grant permissions on all objects of the specified type. You cannot specify this option if the
object_typeisdatabaseorschema. Whenobject_typeiscolumn, only one value is allowed. - Privileges List<string>
- The list of privileges to grant. There are different kinds of privileges: SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, CREATE, CONNECT, TEMPORARY, EXECUTE, and USAGE. An empty list could be provided to revoke all privileges for this role.
- Role string
- The name of the role to grant privileges on, Set it to "public" for all roles.
- Schema string
- The database schema to grant privileges on for this role (Required except if object_type is "database")
- With
Grant boolOption - Whether the recipient of these privileges can grant the same privileges to others. Defaults to false.
- Columns []string
- The columns upon which to grant the privileges. Required when
object_typeiscolumn. You cannot specify this option if theobject_typeis notcolumn. - Database string
- The database to grant privileges on for this role.
- Object
Type string - The PostgreSQL object type to grant the privileges on (one of: database, schema, table, sequence, function, procedure, routine, foreign_data_wrapper, foreign_server, column).
- Objects []string
- The objects upon which to grant the privileges. An empty list (the default) means to grant permissions on all objects of the specified type. You cannot specify this option if the
object_typeisdatabaseorschema. Whenobject_typeiscolumn, only one value is allowed. - Privileges []string
- The list of privileges to grant. There are different kinds of privileges: SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, CREATE, CONNECT, TEMPORARY, EXECUTE, and USAGE. An empty list could be provided to revoke all privileges for this role.
- Role string
- The name of the role to grant privileges on, Set it to "public" for all roles.
- Schema string
- The database schema to grant privileges on for this role (Required except if object_type is "database")
- With
Grant boolOption - Whether the recipient of these privileges can grant the same privileges to others. Defaults to false.
- columns List<String>
- The columns upon which to grant the privileges. Required when
object_typeiscolumn. You cannot specify this option if theobject_typeis notcolumn. - database String
- The database to grant privileges on for this role.
- object
Type String - The PostgreSQL object type to grant the privileges on (one of: database, schema, table, sequence, function, procedure, routine, foreign_data_wrapper, foreign_server, column).
- objects List<String>
- The objects upon which to grant the privileges. An empty list (the default) means to grant permissions on all objects of the specified type. You cannot specify this option if the
object_typeisdatabaseorschema. Whenobject_typeiscolumn, only one value is allowed. - privileges List<String>
- The list of privileges to grant. There are different kinds of privileges: SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, CREATE, CONNECT, TEMPORARY, EXECUTE, and USAGE. An empty list could be provided to revoke all privileges for this role.
- role String
- The name of the role to grant privileges on, Set it to "public" for all roles.
- schema String
- The database schema to grant privileges on for this role (Required except if object_type is "database")
- with
Grant BooleanOption - Whether the recipient of these privileges can grant the same privileges to others. Defaults to false.
- columns string[]
- The columns upon which to grant the privileges. Required when
object_typeiscolumn. You cannot specify this option if theobject_typeis notcolumn. - database string
- The database to grant privileges on for this role.
- object
Type string - The PostgreSQL object type to grant the privileges on (one of: database, schema, table, sequence, function, procedure, routine, foreign_data_wrapper, foreign_server, column).
- objects string[]
- The objects upon which to grant the privileges. An empty list (the default) means to grant permissions on all objects of the specified type. You cannot specify this option if the
object_typeisdatabaseorschema. Whenobject_typeiscolumn, only one value is allowed. - privileges string[]
- The list of privileges to grant. There are different kinds of privileges: SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, CREATE, CONNECT, TEMPORARY, EXECUTE, and USAGE. An empty list could be provided to revoke all privileges for this role.
- role string
- The name of the role to grant privileges on, Set it to "public" for all roles.
- schema string
- The database schema to grant privileges on for this role (Required except if object_type is "database")
- with
Grant booleanOption - Whether the recipient of these privileges can grant the same privileges to others. Defaults to false.
- columns Sequence[str]
- The columns upon which to grant the privileges. Required when
object_typeiscolumn. You cannot specify this option if theobject_typeis notcolumn. - database str
- The database to grant privileges on for this role.
- object_
type str - The PostgreSQL object type to grant the privileges on (one of: database, schema, table, sequence, function, procedure, routine, foreign_data_wrapper, foreign_server, column).
- objects Sequence[str]
- The objects upon which to grant the privileges. An empty list (the default) means to grant permissions on all objects of the specified type. You cannot specify this option if the
object_typeisdatabaseorschema. Whenobject_typeiscolumn, only one value is allowed. - privileges Sequence[str]
- The list of privileges to grant. There are different kinds of privileges: SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, CREATE, CONNECT, TEMPORARY, EXECUTE, and USAGE. An empty list could be provided to revoke all privileges for this role.
- role str
- The name of the role to grant privileges on, Set it to "public" for all roles.
- schema str
- The database schema to grant privileges on for this role (Required except if object_type is "database")
- with_
grant_ booloption - Whether the recipient of these privileges can grant the same privileges to others. Defaults to false.
- columns List<String>
- The columns upon which to grant the privileges. Required when
object_typeiscolumn. You cannot specify this option if theobject_typeis notcolumn. - database String
- The database to grant privileges on for this role.
- object
Type String - The PostgreSQL object type to grant the privileges on (one of: database, schema, table, sequence, function, procedure, routine, foreign_data_wrapper, foreign_server, column).
- objects List<String>
- The objects upon which to grant the privileges. An empty list (the default) means to grant permissions on all objects of the specified type. You cannot specify this option if the
object_typeisdatabaseorschema. Whenobject_typeiscolumn, only one value is allowed. - privileges List<String>
- The list of privileges to grant. There are different kinds of privileges: SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, CREATE, CONNECT, TEMPORARY, EXECUTE, and USAGE. An empty list could be provided to revoke all privileges for this role.
- role String
- The name of the role to grant privileges on, Set it to "public" for all roles.
- schema String
- The database schema to grant privileges on for this role (Required except if object_type is "database")
- with
Grant BooleanOption - Whether the recipient of these privileges can grant the same privileges to others. Defaults to false.
Package Details
- Repository
- PostgreSQL pulumi/pulumi-postgresql
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
postgresqlTerraform Provider.
