Docs
Packagespostgresql.Role
Explore with Pulumi AI
Create Role Resource
new Role(name: string, args?: RoleArgs, opts?: CustomResourceOptions);@overload
def Role(resource_name: str,
opts: Optional[ResourceOptions] = None,
assume_role: Optional[str] = None,
bypass_row_level_security: Optional[bool] = None,
connection_limit: Optional[int] = None,
create_database: Optional[bool] = None,
create_role: Optional[bool] = None,
encrypted: Optional[str] = None,
encrypted_password: Optional[bool] = None,
idle_in_transaction_session_timeout: Optional[int] = None,
inherit: Optional[bool] = None,
login: Optional[bool] = None,
name: Optional[str] = None,
password: Optional[str] = None,
replication: Optional[bool] = None,
roles: Optional[Sequence[str]] = None,
search_paths: Optional[Sequence[str]] = None,
skip_drop_role: Optional[bool] = None,
skip_reassign_owned: Optional[bool] = None,
statement_timeout: Optional[int] = None,
superuser: Optional[bool] = None,
valid_until: Optional[str] = None)
@overload
def Role(resource_name: str,
args: Optional[RoleArgs] = None,
opts: Optional[ResourceOptions] = None)func NewRole(ctx *Context, name string, args *RoleArgs, opts ...ResourceOption) (*Role, error)public Role(string name, RoleArgs? args = null, CustomResourceOptions? opts = null)type: postgresql:Role
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Role Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Role resource accepts the following input properties:
- Assume
Role string Defines the role to switch to at login via
SET ROLE.- Bypass
Row boolLevel Security Defines whether a role bypasses every row-level security (RLS) policy. Default value is
false.- Connection
Limit int If this role can log in, this specifies how many concurrent connections the role can establish.
-1(the default) means no limit.- Create
Database bool Defines a role's ability to execute
CREATE DATABASE. Default value isfalse.- Create
Role bool Defines a role's ability to execute
CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value isfalse.- Encrypted string
Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"
- Encrypted
Password bool Defines whether the password is stored encrypted in the system catalogs. Default value is
true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryptionsetting.- Idle
In intTransaction Session Timeout Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- Inherit bool
Defines whether a role "inherits" the privileges of roles it is a member of. Default value is
true.- Login bool
Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is
false.- Name string
The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- Password string
Sets the role's password. A password is only of use for roles having the
loginattribute set to true.- Replication bool
Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is
false- Roles List<string>
Defines list of roles which will be granted to this new role.
- Search
Paths List<string> Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring
", ".- Skip
Drop boolRole When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- Skip
Reassign boolOwned When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a
REASSIGN OWNEDin must be executed on each of the respective databases before theDROP ROLEcan be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED).- Statement
Timeout int Defines
statement_timeoutsetting for this role which allows to abort any statement that takes more than the specified amount of time.- Superuser bool
Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is
false.- Valid
Until string Defines the date and time after which the role's password is no longer valid. Established connections past this
valid_timewill have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULLis used,valid_untilwill be set toinfinity. Default isNULL, thereforeinfinity.
- Assume
Role string Defines the role to switch to at login via
SET ROLE.- Bypass
Row boolLevel Security Defines whether a role bypasses every row-level security (RLS) policy. Default value is
false.- Connection
Limit int If this role can log in, this specifies how many concurrent connections the role can establish.
-1(the default) means no limit.- Create
Database bool Defines a role's ability to execute
CREATE DATABASE. Default value isfalse.- Create
Role bool Defines a role's ability to execute
CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value isfalse.- Encrypted string
Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"
- Encrypted
Password bool Defines whether the password is stored encrypted in the system catalogs. Default value is
true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryptionsetting.- Idle
In intTransaction Session Timeout Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- Inherit bool
Defines whether a role "inherits" the privileges of roles it is a member of. Default value is
true.- Login bool
Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is
false.- Name string
The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- Password string
Sets the role's password. A password is only of use for roles having the
loginattribute set to true.- Replication bool
Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is
false- Roles []string
Defines list of roles which will be granted to this new role.
- Search
Paths []string Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring
", ".- Skip
Drop boolRole When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- Skip
Reassign boolOwned When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a
REASSIGN OWNEDin must be executed on each of the respective databases before theDROP ROLEcan be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED).- Statement
Timeout int Defines
statement_timeoutsetting for this role which allows to abort any statement that takes more than the specified amount of time.- Superuser bool
Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is
false.- Valid
Until string Defines the date and time after which the role's password is no longer valid. Established connections past this
valid_timewill have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULLis used,valid_untilwill be set toinfinity. Default isNULL, thereforeinfinity.
- assume
Role String Defines the role to switch to at login via
SET ROLE.- bypass
Row BooleanLevel Security Defines whether a role bypasses every row-level security (RLS) policy. Default value is
false.- connection
Limit Integer If this role can log in, this specifies how many concurrent connections the role can establish.
-1(the default) means no limit.- create
Database Boolean Defines a role's ability to execute
CREATE DATABASE. Default value isfalse.- create
Role Boolean Defines a role's ability to execute
CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value isfalse.- encrypted String
Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"
- encrypted
Password Boolean Defines whether the password is stored encrypted in the system catalogs. Default value is
true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryptionsetting.- idle
In IntegerTransaction Session Timeout Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- inherit Boolean
Defines whether a role "inherits" the privileges of roles it is a member of. Default value is
true.- login Boolean
Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is
false.- name String
The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- password String
Sets the role's password. A password is only of use for roles having the
loginattribute set to true.- replication Boolean
Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is
false- roles List<String>
Defines list of roles which will be granted to this new role.
- search
Paths List<String> Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring
", ".- skip
Drop BooleanRole When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- skip
Reassign BooleanOwned When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a
REASSIGN OWNEDin must be executed on each of the respective databases before theDROP ROLEcan be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED).- statement
Timeout Integer Defines
statement_timeoutsetting for this role which allows to abort any statement that takes more than the specified amount of time.- superuser Boolean
Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is
false.- valid
Until String Defines the date and time after which the role's password is no longer valid. Established connections past this
valid_timewill have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULLis used,valid_untilwill be set toinfinity. Default isNULL, thereforeinfinity.
- assume
Role string Defines the role to switch to at login via
SET ROLE.- bypass
Row booleanLevel Security Defines whether a role bypasses every row-level security (RLS) policy. Default value is
false.- connection
Limit number If this role can log in, this specifies how many concurrent connections the role can establish.
-1(the default) means no limit.- create
Database boolean Defines a role's ability to execute
CREATE DATABASE. Default value isfalse.- create
Role boolean Defines a role's ability to execute
CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value isfalse.- encrypted string
Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"
- encrypted
Password boolean Defines whether the password is stored encrypted in the system catalogs. Default value is
true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryptionsetting.- idle
In numberTransaction Session Timeout Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- inherit boolean
Defines whether a role "inherits" the privileges of roles it is a member of. Default value is
true.- login boolean
Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is
false.- name string
The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- password string
Sets the role's password. A password is only of use for roles having the
loginattribute set to true.- replication boolean
Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is
false- roles string[]
Defines list of roles which will be granted to this new role.
- search
Paths string[] Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring
", ".- skip
Drop booleanRole When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- skip
Reassign booleanOwned When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a
REASSIGN OWNEDin must be executed on each of the respective databases before theDROP ROLEcan be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED).- statement
Timeout number Defines
statement_timeoutsetting for this role which allows to abort any statement that takes more than the specified amount of time.- superuser boolean
Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is
false.- valid
Until string Defines the date and time after which the role's password is no longer valid. Established connections past this
valid_timewill have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULLis used,valid_untilwill be set toinfinity. Default isNULL, thereforeinfinity.
- assume_
role str Defines the role to switch to at login via
SET ROLE.- bypass_
row_ boollevel_ security Defines whether a role bypasses every row-level security (RLS) policy. Default value is
false.- connection_
limit int If this role can log in, this specifies how many concurrent connections the role can establish.
-1(the default) means no limit.- create_
database bool Defines a role's ability to execute
CREATE DATABASE. Default value isfalse.- create_
role bool Defines a role's ability to execute
CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value isfalse.- encrypted str
Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"
- encrypted_
password bool Defines whether the password is stored encrypted in the system catalogs. Default value is
true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryptionsetting.- idle_
in_ inttransaction_ session_ timeout Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- inherit bool
Defines whether a role "inherits" the privileges of roles it is a member of. Default value is
true.- login bool
Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is
false.- name str
The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- password str
Sets the role's password. A password is only of use for roles having the
loginattribute set to true.- replication bool
Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is
false- roles Sequence[str]
Defines list of roles which will be granted to this new role.
- search_
paths Sequence[str] Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring
", ".- skip_
drop_ boolrole When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- skip_
reassign_ boolowned When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a
REASSIGN OWNEDin must be executed on each of the respective databases before theDROP ROLEcan be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED).- statement_
timeout int Defines
statement_timeoutsetting for this role which allows to abort any statement that takes more than the specified amount of time.- superuser bool
Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is
false.- valid_
until str Defines the date and time after which the role's password is no longer valid. Established connections past this
valid_timewill have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULLis used,valid_untilwill be set toinfinity. Default isNULL, thereforeinfinity.
- assume
Role String Defines the role to switch to at login via
SET ROLE.- bypass
Row BooleanLevel Security Defines whether a role bypasses every row-level security (RLS) policy. Default value is
false.- connection
Limit Number If this role can log in, this specifies how many concurrent connections the role can establish.
-1(the default) means no limit.- create
Database Boolean Defines a role's ability to execute
CREATE DATABASE. Default value isfalse.- create
Role Boolean Defines a role's ability to execute
CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value isfalse.- encrypted String
Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"
- encrypted
Password Boolean Defines whether the password is stored encrypted in the system catalogs. Default value is
true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryptionsetting.- idle
In NumberTransaction Session Timeout Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- inherit Boolean
Defines whether a role "inherits" the privileges of roles it is a member of. Default value is
true.- login Boolean
Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is
false.- name String
The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- password String
Sets the role's password. A password is only of use for roles having the
loginattribute set to true.- replication Boolean
Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is
false- roles List<String>
Defines list of roles which will be granted to this new role.
- search
Paths List<String> Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring
", ".- skip
Drop BooleanRole When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- skip
Reassign BooleanOwned When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a
REASSIGN OWNEDin must be executed on each of the respective databases before theDROP ROLEcan be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED).- statement
Timeout Number Defines
statement_timeoutsetting for this role which allows to abort any statement that takes more than the specified amount of time.- superuser Boolean
Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is
false.- valid
Until String Defines the date and time after which the role's password is no longer valid. Established connections past this
valid_timewill have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULLis used,valid_untilwill be set toinfinity. Default isNULL, thereforeinfinity.
Outputs
All input properties are implicitly available as output properties. Additionally, the Role resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing Role Resource
Get an existing Role resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RoleState, opts?: CustomResourceOptions): Role@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
assume_role: Optional[str] = None,
bypass_row_level_security: Optional[bool] = None,
connection_limit: Optional[int] = None,
create_database: Optional[bool] = None,
create_role: Optional[bool] = None,
encrypted: Optional[str] = None,
encrypted_password: Optional[bool] = None,
idle_in_transaction_session_timeout: Optional[int] = None,
inherit: Optional[bool] = None,
login: Optional[bool] = None,
name: Optional[str] = None,
password: Optional[str] = None,
replication: Optional[bool] = None,
roles: Optional[Sequence[str]] = None,
search_paths: Optional[Sequence[str]] = None,
skip_drop_role: Optional[bool] = None,
skip_reassign_owned: Optional[bool] = None,
statement_timeout: Optional[int] = None,
superuser: Optional[bool] = None,
valid_until: Optional[str] = None) -> Rolefunc GetRole(ctx *Context, name string, id IDInput, state *RoleState, opts ...ResourceOption) (*Role, error)public static Role Get(string name, Input<string> id, RoleState? state, CustomResourceOptions? opts = null)public static Role get(String name, Output<String> id, RoleState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Assume
Role string Defines the role to switch to at login via
SET ROLE.- Bypass
Row boolLevel Security Defines whether a role bypasses every row-level security (RLS) policy. Default value is
false.- Connection
Limit int If this role can log in, this specifies how many concurrent connections the role can establish.
-1(the default) means no limit.- Create
Database bool Defines a role's ability to execute
CREATE DATABASE. Default value isfalse.- Create
Role bool Defines a role's ability to execute
CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value isfalse.- Encrypted string
Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"
- Encrypted
Password bool Defines whether the password is stored encrypted in the system catalogs. Default value is
true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryptionsetting.- Idle
In intTransaction Session Timeout Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- Inherit bool
Defines whether a role "inherits" the privileges of roles it is a member of. Default value is
true.- Login bool
Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is
false.- Name string
The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- Password string
Sets the role's password. A password is only of use for roles having the
loginattribute set to true.- Replication bool
Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is
false- Roles List<string>
Defines list of roles which will be granted to this new role.
- Search
Paths List<string> Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring
", ".- Skip
Drop boolRole When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- Skip
Reassign boolOwned When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a
REASSIGN OWNEDin must be executed on each of the respective databases before theDROP ROLEcan be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED).- Statement
Timeout int Defines
statement_timeoutsetting for this role which allows to abort any statement that takes more than the specified amount of time.- Superuser bool
Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is
false.- Valid
Until string Defines the date and time after which the role's password is no longer valid. Established connections past this
valid_timewill have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULLis used,valid_untilwill be set toinfinity. Default isNULL, thereforeinfinity.
- Assume
Role string Defines the role to switch to at login via
SET ROLE.- Bypass
Row boolLevel Security Defines whether a role bypasses every row-level security (RLS) policy. Default value is
false.- Connection
Limit int If this role can log in, this specifies how many concurrent connections the role can establish.
-1(the default) means no limit.- Create
Database bool Defines a role's ability to execute
CREATE DATABASE. Default value isfalse.- Create
Role bool Defines a role's ability to execute
CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value isfalse.- Encrypted string
Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"
- Encrypted
Password bool Defines whether the password is stored encrypted in the system catalogs. Default value is
true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryptionsetting.- Idle
In intTransaction Session Timeout Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- Inherit bool
Defines whether a role "inherits" the privileges of roles it is a member of. Default value is
true.- Login bool
Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is
false.- Name string
The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- Password string
Sets the role's password. A password is only of use for roles having the
loginattribute set to true.- Replication bool
Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is
false- Roles []string
Defines list of roles which will be granted to this new role.
- Search
Paths []string Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring
", ".- Skip
Drop boolRole When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- Skip
Reassign boolOwned When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a
REASSIGN OWNEDin must be executed on each of the respective databases before theDROP ROLEcan be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED).- Statement
Timeout int Defines
statement_timeoutsetting for this role which allows to abort any statement that takes more than the specified amount of time.- Superuser bool
Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is
false.- Valid
Until string Defines the date and time after which the role's password is no longer valid. Established connections past this
valid_timewill have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULLis used,valid_untilwill be set toinfinity. Default isNULL, thereforeinfinity.
- assume
Role String Defines the role to switch to at login via
SET ROLE.- bypass
Row BooleanLevel Security Defines whether a role bypasses every row-level security (RLS) policy. Default value is
false.- connection
Limit Integer If this role can log in, this specifies how many concurrent connections the role can establish.
-1(the default) means no limit.- create
Database Boolean Defines a role's ability to execute
CREATE DATABASE. Default value isfalse.- create
Role Boolean Defines a role's ability to execute
CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value isfalse.- encrypted String
Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"
- encrypted
Password Boolean Defines whether the password is stored encrypted in the system catalogs. Default value is
true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryptionsetting.- idle
In IntegerTransaction Session Timeout Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- inherit Boolean
Defines whether a role "inherits" the privileges of roles it is a member of. Default value is
true.- login Boolean
Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is
false.- name String
The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- password String
Sets the role's password. A password is only of use for roles having the
loginattribute set to true.- replication Boolean
Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is
false- roles List<String>
Defines list of roles which will be granted to this new role.
- search
Paths List<String> Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring
", ".- skip
Drop BooleanRole When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- skip
Reassign BooleanOwned When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a
REASSIGN OWNEDin must be executed on each of the respective databases before theDROP ROLEcan be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED).- statement
Timeout Integer Defines
statement_timeoutsetting for this role which allows to abort any statement that takes more than the specified amount of time.- superuser Boolean
Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is
false.- valid
Until String Defines the date and time after which the role's password is no longer valid. Established connections past this
valid_timewill have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULLis used,valid_untilwill be set toinfinity. Default isNULL, thereforeinfinity.
- assume
Role string Defines the role to switch to at login via
SET ROLE.- bypass
Row booleanLevel Security Defines whether a role bypasses every row-level security (RLS) policy. Default value is
false.- connection
Limit number If this role can log in, this specifies how many concurrent connections the role can establish.
-1(the default) means no limit.- create
Database boolean Defines a role's ability to execute
CREATE DATABASE. Default value isfalse.- create
Role boolean Defines a role's ability to execute
CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value isfalse.- encrypted string
Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"
- encrypted
Password boolean Defines whether the password is stored encrypted in the system catalogs. Default value is
true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryptionsetting.- idle
In numberTransaction Session Timeout Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- inherit boolean
Defines whether a role "inherits" the privileges of roles it is a member of. Default value is
true.- login boolean
Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is
false.- name string
The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- password string
Sets the role's password. A password is only of use for roles having the
loginattribute set to true.- replication boolean
Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is
false- roles string[]
Defines list of roles which will be granted to this new role.
- search
Paths string[] Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring
", ".- skip
Drop booleanRole When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- skip
Reassign booleanOwned When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a
REASSIGN OWNEDin must be executed on each of the respective databases before theDROP ROLEcan be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED).- statement
Timeout number Defines
statement_timeoutsetting for this role which allows to abort any statement that takes more than the specified amount of time.- superuser boolean
Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is
false.- valid
Until string Defines the date and time after which the role's password is no longer valid. Established connections past this
valid_timewill have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULLis used,valid_untilwill be set toinfinity. Default isNULL, thereforeinfinity.
- assume_
role str Defines the role to switch to at login via
SET ROLE.- bypass_
row_ boollevel_ security Defines whether a role bypasses every row-level security (RLS) policy. Default value is
false.- connection_
limit int If this role can log in, this specifies how many concurrent connections the role can establish.
-1(the default) means no limit.- create_
database bool Defines a role's ability to execute
CREATE DATABASE. Default value isfalse.- create_
role bool Defines a role's ability to execute
CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value isfalse.- encrypted str
Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"
- encrypted_
password bool Defines whether the password is stored encrypted in the system catalogs. Default value is
true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryptionsetting.- idle_
in_ inttransaction_ session_ timeout Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- inherit bool
Defines whether a role "inherits" the privileges of roles it is a member of. Default value is
true.- login bool
Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is
false.- name str
The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- password str
Sets the role's password. A password is only of use for roles having the
loginattribute set to true.- replication bool
Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is
false- roles Sequence[str]
Defines list of roles which will be granted to this new role.
- search_
paths Sequence[str] Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring
", ".- skip_
drop_ boolrole When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- skip_
reassign_ boolowned When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a
REASSIGN OWNEDin must be executed on each of the respective databases before theDROP ROLEcan be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED).- statement_
timeout int Defines
statement_timeoutsetting for this role which allows to abort any statement that takes more than the specified amount of time.- superuser bool
Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is
false.- valid_
until str Defines the date and time after which the role's password is no longer valid. Established connections past this
valid_timewill have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULLis used,valid_untilwill be set toinfinity. Default isNULL, thereforeinfinity.
- assume
Role String Defines the role to switch to at login via
SET ROLE.- bypass
Row BooleanLevel Security Defines whether a role bypasses every row-level security (RLS) policy. Default value is
false.- connection
Limit Number If this role can log in, this specifies how many concurrent connections the role can establish.
-1(the default) means no limit.- create
Database Boolean Defines a role's ability to execute
CREATE DATABASE. Default value isfalse.- create
Role Boolean Defines a role's ability to execute
CREATE ROLE. A role with this privilege can also alter and drop other roles. Default value isfalse.- encrypted String
Rename PostgreSQL role resource attribute "encrypted" to "encrypted_password"
- encrypted
Password Boolean Defines whether the password is stored encrypted in the system catalogs. Default value is
true. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryptionsetting.- idle
In NumberTransaction Session Timeout Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- inherit Boolean
Defines whether a role "inherits" the privileges of roles it is a member of. Default value is
true.- login Boolean
Defines whether role is allowed to log in. Roles without this attribute are useful for managing database privileges, but are not users in the usual sense of the word. Default value is
false.- name String
The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- password String
Sets the role's password. A password is only of use for roles having the
loginattribute set to true.- replication Boolean
Defines whether a role is allowed to initiate streaming replication or put the system in and out of backup mode. Default value is
false- roles List<String>
Defines list of roles which will be granted to this new role.
- search
Paths List<String> Alters the search path of this new role. Note that due to limitations in the implementation, values cannot contain the substring
", ".- skip
Drop BooleanRole When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- skip
Reassign BooleanOwned When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, a
REASSIGN OWNEDin must be executed on each of the respective databases before theDROP ROLEcan be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED).- statement
Timeout Number Defines
statement_timeoutsetting for this role which allows to abort any statement that takes more than the specified amount of time.- superuser Boolean
Defines whether the role is a "superuser", and therefore can override all access restrictions within the database. Default value is
false.- valid
Until String Defines the date and time after which the role's password is no longer valid. Established connections past this
valid_timewill have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULLis used,valid_untilwill be set toinfinity. Default isNULL, thereforeinfinity.
Package Details
- Repository
- PostgreSQL pulumi/pulumi-postgresql
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
postgresqlTerraform Provider.