Postgres - grant role to user

[Ian Levesque]

Hi,

I'm trying to figure out if/how I can use the postgresql_user module to grant a role to a user.

I thought I may be able to specify the role via role_attr_flags but that doesn't work for granting a custom role.

Does anyone know how to do this?

Thanks,

Ian

[Ian Levesque]

On Sunday, June 28, 2015 at 10:36:53 AM UTC-4, Ian Levesque wrote:

I'm trying to figure out if/how I can use the postgresql_user module to grant a role to a user.

I thought I may be able to specify the role via role_attr_flags but that doesn't work for granting a custom role.

To answer my own question, you can assign membership to a role in postgres using the postgres_privs module, using a syntax such as:

    users:

      admin:

        password: "{{ encrypted_password }}"

        roles: full,admin

      employee:

        password: "{{ encrypted_password }}"

        roles: readonly

    - name: Grant users membership to their appropriate role

      postgresql_privs:

        type: group

        db: database_name

        port: 5432

        login_host: db.server.com

        login_user: admin_user

        login_password: "{{ encrypted_admin_password }}"

        roles: "{{ item.key }}"

        objs: "{{ item.value.roles }}"

      with_dict: "{{ users }}"

Where "roles" is the comma-separated list of affected users and "objs" is the comma-separated list of roles to which the user(s) should be granted membership. The database "db" is only used for connection, since role membership is cluster-wide.

Best,

Ian