Priv syntax for the postgresql_user module

The documentation for the postgresql_user module on how user rights should be defined conflicts with itself regarding the format. The format is described as such in the options table:

priv | PostgreSQL privileges string in the format: table:priv1,priv2 

However, the examples below use a different format:

 priv: "CONNECT/products:ALL"
 priv: "ALL/products:ALL"
 # Example privileges string format
 INSERT,UPDATE/table:SELECT/anothertable:ALL

The "Ansible Loves PostgreSQL" blog post mentions another format:

 priv: Privileges in "priv1/priv2" or table privileges in "table:priv1,priv2,…" format 

I'm having trouble creating read-only users, that is, users with the SELECT privilege on all tables.

Can someone shed light on the correct format to use, with an example that gives a user read-only access to all tables?

+5
1 answer

The postgresql_user source has parse_privs. This seems to be the best source of the expected priv format:

 Format:

     privileges[/privileges/...]

 Where:

     privileges := DATABASE_PRIVILEGES[,DATABASE_PRIVILEGES,...] |
                   TABLE_NAME:TABLE_PRIVILEGES[,TABLE_PRIVILEGES,...]

It appears that / is a separator for privileges, and : is a separator for the table name and the privilege(s) for this table. A comma (,) separates privileges for the table.

+1
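
A stand-alone parser for the grammar quoted in the answer, as an added example that is not part of the original posts and is not the module's own parse_privs. The privilege keyword sets are assumptions taken from PostgreSQL's GRANT privileges for databases and tables; the table names "products" and "orders" and the helpers read_only_priv and is_read_only are hypothetical.

```python
# Added example: stand-alone parser for the priv grammar quoted in the answer.
# Not the module's parse_privs. The keyword sets are assumptions taken from
# PostgreSQL's GRANT privileges for databases and tables.
DATABASE_PRIVS = frozenset({"CREATE", "CONNECT", "TEMPORARY", "TEMP", "ALL"})
TABLE_PRIVS = frozenset({"SELECT", "INSERT", "UPDATE", "DELETE", "TRUNCATE",
                         "REFERENCES", "TRIGGER", "ALL"})


def parse_priv(priv):
    """Split 'privileges[/privileges/...]' into database and per-table sets."""
    result = {"database": set(), "table": {}}
    for token in priv.split("/"):
        if ":" in token:
            # TABLE_NAME:TABLE_PRIVILEGES[,TABLE_PRIVILEGES,...]
            table, _, names = token.partition(":")
            if not table:
                raise ValueError("missing table name in %r" % token)
            allowed = TABLE_PRIVS
            target = result["table"].setdefault(table, set())
        else:
            # DATABASE_PRIVILEGES[,DATABASE_PRIVILEGES,...]
            names, allowed, target = token, DATABASE_PRIVS, result["database"]
        requested = {name.strip().upper() for name in names.split(",")}
        unknown = requested - allowed
        if unknown:
            raise ValueError("invalid privileges in %r: %s"
                             % (token, ", ".join(sorted(unknown))))
        target.update(requested)
    return result


def read_only_priv(tables):
    """Build a priv string: CONNECT on the database, SELECT on each table."""
    return "/".join(["CONNECT"] + ["%s:SELECT" % name for name in tables])


def is_read_only(parsed):
    """True if the database grant is at most CONNECT and tables get SELECT only."""
    return (parsed["database"] <= {"CONNECT"}
            and all(p == {"SELECT"} for p in parsed["table"].values()))


if __name__ == "__main__":
    # "products" and "orders" are constructed table names.
    priv = read_only_priv(["products", "orders"])
    print(priv, is_read_only(parse_priv(priv)))
    print(parse_priv("CONNECT/products:ALL"))
```

With these keyword sets, the documentation's sample string INSERT,UPDATE/table:SELECT/anothertable:ALL is rejected, because its first element carries no table name and INSERT and UPDATE are not database-level privileges.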

Source: https://habr.com/ru/post/1261334/

