postgresql.Role
Explore with Pulumi AI
Create Role Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Role(name: string, args?: RoleArgs, opts?: CustomResourceOptions);
@overload
def Role(resource_name: str,
args: Optional[RoleArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Role(resource_name: str,
opts: Optional[ResourceOptions] = None,
assume_role: Optional[str] = None,
bypass_row_level_security: Optional[bool] = None,
connection_limit: Optional[int] = None,
create_database: Optional[bool] = None,
create_role: Optional[bool] = None,
encrypted: Optional[str] = None,
encrypted_password: Optional[bool] = None,
idle_in_transaction_session_timeout: Optional[int] = None,
inherit: Optional[bool] = None,
login: Optional[bool] = None,
name: Optional[str] = None,
password: Optional[str] = None,
replication: Optional[bool] = None,
roles: Optional[Sequence[str]] = None,
search_paths: Optional[Sequence[str]] = None,
skip_drop_role: Optional[bool] = None,
skip_reassign_owned: Optional[bool] = None,
statement_timeout: Optional[int] = None,
superuser: Optional[bool] = None,
valid_until: Optional[str] = None)
func NewRole(ctx *Context, name string, args *RoleArgs, opts ...ResourceOption) (*Role, error)
public Role(string name, RoleArgs? args = null, CustomResourceOptions? opts = null)
type: postgresql:Role
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RoleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var roleResource = new PostgreSql.Role("roleResource", new()
{
AssumeRole = "string",
BypassRowLevelSecurity = false,
ConnectionLimit = 0,
CreateDatabase = false,
CreateRole = false,
EncryptedPassword = false,
IdleInTransactionSessionTimeout = 0,
Inherit = false,
Login = false,
Name = "string",
Password = "string",
Replication = false,
Roles = new[]
{
"string",
},
SearchPaths = new[]
{
"string",
},
SkipDropRole = false,
SkipReassignOwned = false,
StatementTimeout = 0,
Superuser = false,
ValidUntil = "string",
});
example, err := postgresql.NewRole(ctx, "roleResource", &postgresql.RoleArgs{
AssumeRole: pulumi.String("string"),
BypassRowLevelSecurity: pulumi.Bool(false),
ConnectionLimit: pulumi.Int(0),
CreateDatabase: pulumi.Bool(false),
CreateRole: pulumi.Bool(false),
EncryptedPassword: pulumi.Bool(false),
IdleInTransactionSessionTimeout: pulumi.Int(0),
Inherit: pulumi.Bool(false),
Login: pulumi.Bool(false),
Name: pulumi.String("string"),
Password: pulumi.String("string"),
Replication: pulumi.Bool(false),
Roles: pulumi.StringArray{
pulumi.String("string"),
},
SearchPaths: pulumi.StringArray{
pulumi.String("string"),
},
SkipDropRole: pulumi.Bool(false),
SkipReassignOwned: pulumi.Bool(false),
StatementTimeout: pulumi.Int(0),
Superuser: pulumi.Bool(false),
ValidUntil: pulumi.String("string"),
})
var roleResource = new Role("roleResource", RoleArgs.builder()
.assumeRole("string")
.bypassRowLevelSecurity(false)
.connectionLimit(0)
.createDatabase(false)
.createRole(false)
.encryptedPassword(false)
.idleInTransactionSessionTimeout(0)
.inherit(false)
.login(false)
.name("string")
.password("string")
.replication(false)
.roles("string")
.searchPaths("string")
.skipDropRole(false)
.skipReassignOwned(false)
.statementTimeout(0)
.superuser(false)
.validUntil("string")
.build());
role_resource = postgresql.Role("roleResource",
assume_role="string",
bypass_row_level_security=False,
connection_limit=0,
create_database=False,
create_role=False,
encrypted_password=False,
idle_in_transaction_session_timeout=0,
inherit=False,
login=False,
name="string",
password="string",
replication=False,
roles=["string"],
search_paths=["string"],
skip_drop_role=False,
skip_reassign_owned=False,
statement_timeout=0,
superuser=False,
valid_until="string")
const roleResource = new postgresql.Role("roleResource", {
assumeRole: "string",
bypassRowLevelSecurity: false,
connectionLimit: 0,
createDatabase: false,
createRole: false,
encryptedPassword: false,
idleInTransactionSessionTimeout: 0,
inherit: false,
login: false,
name: "string",
password: "string",
replication: false,
roles: ["string"],
searchPaths: ["string"],
skipDropRole: false,
skipReassignOwned: false,
statementTimeout: 0,
superuser: false,
validUntil: "string",
});
type: postgresql:Role
properties:
assumeRole: string
bypassRowLevelSecurity: false
connectionLimit: 0
createDatabase: false
createRole: false
encryptedPassword: false
idleInTransactionSessionTimeout: 0
inherit: false
login: false
name: string
password: string
replication: false
roles:
- string
searchPaths:
- string
skipDropRole: false
skipReassignOwned: false
statementTimeout: 0
superuser: false
validUntil: string
Role Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Role resource accepts the following input properties:
- Assume
Role string - Defines the role to switch to at login via
SET ROLE
. - Bypass
Row boolLevel Security - Defines whether a role bypasses every
row-level security (RLS) policy. Default value is
false
. - Connection
Limit int - If this role can log in, this specifies how
many concurrent connections the role can establish.
-1
(the default) means no limit. - Create
Database bool - Defines a role's ability to execute
CREATE DATABASE
. Default value isfalse
. - Create
Role bool - Defines a role's ability to execute
CREATE ROLE
. A role with this privilege can also alter and drop other roles. Default value isfalse
. - Encrypted string
- Encrypted
Password bool - Defines whether the password is stored
encrypted in the system catalogs. Default value is
true
. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryption
setting. - Idle
In intTransaction Session Timeout - Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- Inherit bool
- Defines whether a role "inherits" the privileges of
roles it is a member of. Default value is
true
. - Login bool
- Defines whether role is allowed to log in. Roles without
this attribute are useful for managing database privileges, but are not users
in the usual sense of the word. Default value is
false
. - Name string
- The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- Password string
- Sets the role's password. A password is only of use
for roles having the
login
attribute set to true. - Replication bool
- Defines whether a role is allowed to initiate
streaming replication or put the system in and out of backup mode. Default
value is
false
- Roles List<string>
- Defines list of roles which will be granted to this new role.
- Search
Paths List<string> - Alters the search path of this new role. Note that
due to limitations in the implementation, values cannot contain the substring
", "
. - Skip
Drop boolRole - When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- Skip
Reassign boolOwned - When a PostgreSQL ROLE exists in multiple
databases and the ROLE is dropped, a
REASSIGN OWNED
in must be executed on each of the respective databases before theDROP ROLE
can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED
). - Statement
Timeout int - Defines
statement_timeout
setting for this role which allows to abort any statement that takes more than the specified amount of time. - Superuser bool
- Defines whether the role is a "superuser", and
therefore can override all access restrictions within the database. Default
value is
false
. - Valid
Until string - Defines the date and time after which the role's
password is no longer valid. Established connections past this
valid_time
will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULL
is used,valid_until
will be set toinfinity
. Default isNULL
, thereforeinfinity
.
- Assume
Role string - Defines the role to switch to at login via
SET ROLE
. - Bypass
Row boolLevel Security - Defines whether a role bypasses every
row-level security (RLS) policy. Default value is
false
. - Connection
Limit int - If this role can log in, this specifies how
many concurrent connections the role can establish.
-1
(the default) means no limit. - Create
Database bool - Defines a role's ability to execute
CREATE DATABASE
. Default value isfalse
. - Create
Role bool - Defines a role's ability to execute
CREATE ROLE
. A role with this privilege can also alter and drop other roles. Default value isfalse
. - Encrypted string
- Encrypted
Password bool - Defines whether the password is stored
encrypted in the system catalogs. Default value is
true
. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryption
setting. - Idle
In intTransaction Session Timeout - Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- Inherit bool
- Defines whether a role "inherits" the privileges of
roles it is a member of. Default value is
true
. - Login bool
- Defines whether role is allowed to log in. Roles without
this attribute are useful for managing database privileges, but are not users
in the usual sense of the word. Default value is
false
. - Name string
- The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- Password string
- Sets the role's password. A password is only of use
for roles having the
login
attribute set to true. - Replication bool
- Defines whether a role is allowed to initiate
streaming replication or put the system in and out of backup mode. Default
value is
false
- Roles []string
- Defines list of roles which will be granted to this new role.
- Search
Paths []string - Alters the search path of this new role. Note that
due to limitations in the implementation, values cannot contain the substring
", "
. - Skip
Drop boolRole - When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- Skip
Reassign boolOwned - When a PostgreSQL ROLE exists in multiple
databases and the ROLE is dropped, a
REASSIGN OWNED
in must be executed on each of the respective databases before theDROP ROLE
can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED
). - Statement
Timeout int - Defines
statement_timeout
setting for this role which allows to abort any statement that takes more than the specified amount of time. - Superuser bool
- Defines whether the role is a "superuser", and
therefore can override all access restrictions within the database. Default
value is
false
. - Valid
Until string - Defines the date and time after which the role's
password is no longer valid. Established connections past this
valid_time
will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULL
is used,valid_until
will be set toinfinity
. Default isNULL
, thereforeinfinity
.
- assume
Role String - Defines the role to switch to at login via
SET ROLE
. - bypass
Row BooleanLevel Security - Defines whether a role bypasses every
row-level security (RLS) policy. Default value is
false
. - connection
Limit Integer - If this role can log in, this specifies how
many concurrent connections the role can establish.
-1
(the default) means no limit. - create
Database Boolean - Defines a role's ability to execute
CREATE DATABASE
. Default value isfalse
. - create
Role Boolean - Defines a role's ability to execute
CREATE ROLE
. A role with this privilege can also alter and drop other roles. Default value isfalse
. - encrypted String
- encrypted
Password Boolean - Defines whether the password is stored
encrypted in the system catalogs. Default value is
true
. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryption
setting. - idle
In IntegerTransaction Session Timeout - Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- inherit Boolean
- Defines whether a role "inherits" the privileges of
roles it is a member of. Default value is
true
. - login Boolean
- Defines whether role is allowed to log in. Roles without
this attribute are useful for managing database privileges, but are not users
in the usual sense of the word. Default value is
false
. - name String
- The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- password String
- Sets the role's password. A password is only of use
for roles having the
login
attribute set to true. - replication Boolean
- Defines whether a role is allowed to initiate
streaming replication or put the system in and out of backup mode. Default
value is
false
- roles List<String>
- Defines list of roles which will be granted to this new role.
- search
Paths List<String> - Alters the search path of this new role. Note that
due to limitations in the implementation, values cannot contain the substring
", "
. - skip
Drop BooleanRole - When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- skip
Reassign BooleanOwned - When a PostgreSQL ROLE exists in multiple
databases and the ROLE is dropped, a
REASSIGN OWNED
in must be executed on each of the respective databases before theDROP ROLE
can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED
). - statement
Timeout Integer - Defines
statement_timeout
setting for this role which allows to abort any statement that takes more than the specified amount of time. - superuser Boolean
- Defines whether the role is a "superuser", and
therefore can override all access restrictions within the database. Default
value is
false
. - valid
Until String - Defines the date and time after which the role's
password is no longer valid. Established connections past this
valid_time
will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULL
is used,valid_until
will be set toinfinity
. Default isNULL
, thereforeinfinity
.
- assume
Role string - Defines the role to switch to at login via
SET ROLE
. - bypass
Row booleanLevel Security - Defines whether a role bypasses every
row-level security (RLS) policy. Default value is
false
. - connection
Limit number - If this role can log in, this specifies how
many concurrent connections the role can establish.
-1
(the default) means no limit. - create
Database boolean - Defines a role's ability to execute
CREATE DATABASE
. Default value isfalse
. - create
Role boolean - Defines a role's ability to execute
CREATE ROLE
. A role with this privilege can also alter and drop other roles. Default value isfalse
. - encrypted string
- encrypted
Password boolean - Defines whether the password is stored
encrypted in the system catalogs. Default value is
true
. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryption
setting. - idle
In numberTransaction Session Timeout - Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- inherit boolean
- Defines whether a role "inherits" the privileges of
roles it is a member of. Default value is
true
. - login boolean
- Defines whether role is allowed to log in. Roles without
this attribute are useful for managing database privileges, but are not users
in the usual sense of the word. Default value is
false
. - name string
- The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- password string
- Sets the role's password. A password is only of use
for roles having the
login
attribute set to true. - replication boolean
- Defines whether a role is allowed to initiate
streaming replication or put the system in and out of backup mode. Default
value is
false
- roles string[]
- Defines list of roles which will be granted to this new role.
- search
Paths string[] - Alters the search path of this new role. Note that
due to limitations in the implementation, values cannot contain the substring
", "
. - skip
Drop booleanRole - When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- skip
Reassign booleanOwned - When a PostgreSQL ROLE exists in multiple
databases and the ROLE is dropped, a
REASSIGN OWNED
in must be executed on each of the respective databases before theDROP ROLE
can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED
). - statement
Timeout number - Defines
statement_timeout
setting for this role which allows to abort any statement that takes more than the specified amount of time. - superuser boolean
- Defines whether the role is a "superuser", and
therefore can override all access restrictions within the database. Default
value is
false
. - valid
Until string - Defines the date and time after which the role's
password is no longer valid. Established connections past this
valid_time
will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULL
is used,valid_until
will be set toinfinity
. Default isNULL
, thereforeinfinity
.
- assume_
role str - Defines the role to switch to at login via
SET ROLE
. - bypass_
row_ boollevel_ security - Defines whether a role bypasses every
row-level security (RLS) policy. Default value is
false
. - connection_
limit int - If this role can log in, this specifies how
many concurrent connections the role can establish.
-1
(the default) means no limit. - create_
database bool - Defines a role's ability to execute
CREATE DATABASE
. Default value isfalse
. - create_
role bool - Defines a role's ability to execute
CREATE ROLE
. A role with this privilege can also alter and drop other roles. Default value isfalse
. - encrypted str
- encrypted_
password bool - Defines whether the password is stored
encrypted in the system catalogs. Default value is
true
. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryption
setting. - idle_
in_ inttransaction_ session_ timeout - Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- inherit bool
- Defines whether a role "inherits" the privileges of
roles it is a member of. Default value is
true
. - login bool
- Defines whether role is allowed to log in. Roles without
this attribute are useful for managing database privileges, but are not users
in the usual sense of the word. Default value is
false
. - name str
- The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- password str
- Sets the role's password. A password is only of use
for roles having the
login
attribute set to true. - replication bool
- Defines whether a role is allowed to initiate
streaming replication or put the system in and out of backup mode. Default
value is
false
- roles Sequence[str]
- Defines list of roles which will be granted to this new role.
- search_
paths Sequence[str] - Alters the search path of this new role. Note that
due to limitations in the implementation, values cannot contain the substring
", "
. - skip_
drop_ boolrole - When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- skip_
reassign_ boolowned - When a PostgreSQL ROLE exists in multiple
databases and the ROLE is dropped, a
REASSIGN OWNED
in must be executed on each of the respective databases before theDROP ROLE
can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED
). - statement_
timeout int - Defines
statement_timeout
setting for this role which allows to abort any statement that takes more than the specified amount of time. - superuser bool
- Defines whether the role is a "superuser", and
therefore can override all access restrictions within the database. Default
value is
false
. - valid_
until str - Defines the date and time after which the role's
password is no longer valid. Established connections past this
valid_time
will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULL
is used,valid_until
will be set toinfinity
. Default isNULL
, thereforeinfinity
.
- assume
Role String - Defines the role to switch to at login via
SET ROLE
. - bypass
Row BooleanLevel Security - Defines whether a role bypasses every
row-level security (RLS) policy. Default value is
false
. - connection
Limit Number - If this role can log in, this specifies how
many concurrent connections the role can establish.
-1
(the default) means no limit. - create
Database Boolean - Defines a role's ability to execute
CREATE DATABASE
. Default value isfalse
. - create
Role Boolean - Defines a role's ability to execute
CREATE ROLE
. A role with this privilege can also alter and drop other roles. Default value isfalse
. - encrypted String
- encrypted
Password Boolean - Defines whether the password is stored
encrypted in the system catalogs. Default value is
true
. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryption
setting. - idle
In NumberTransaction Session Timeout - Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- inherit Boolean
- Defines whether a role "inherits" the privileges of
roles it is a member of. Default value is
true
. - login Boolean
- Defines whether role is allowed to log in. Roles without
this attribute are useful for managing database privileges, but are not users
in the usual sense of the word. Default value is
false
. - name String
- The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- password String
- Sets the role's password. A password is only of use
for roles having the
login
attribute set to true. - replication Boolean
- Defines whether a role is allowed to initiate
streaming replication or put the system in and out of backup mode. Default
value is
false
- roles List<String>
- Defines list of roles which will be granted to this new role.
- search
Paths List<String> - Alters the search path of this new role. Note that
due to limitations in the implementation, values cannot contain the substring
", "
. - skip
Drop BooleanRole - When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- skip
Reassign BooleanOwned - When a PostgreSQL ROLE exists in multiple
databases and the ROLE is dropped, a
REASSIGN OWNED
in must be executed on each of the respective databases before theDROP ROLE
can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED
). - statement
Timeout Number - Defines
statement_timeout
setting for this role which allows to abort any statement that takes more than the specified amount of time. - superuser Boolean
- Defines whether the role is a "superuser", and
therefore can override all access restrictions within the database. Default
value is
false
. - valid
Until String - Defines the date and time after which the role's
password is no longer valid. Established connections past this
valid_time
will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULL
is used,valid_until
will be set toinfinity
. Default isNULL
, thereforeinfinity
.
Outputs
All input properties are implicitly available as output properties. Additionally, the Role resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Role Resource
Get an existing Role resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RoleState, opts?: CustomResourceOptions): Role
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
assume_role: Optional[str] = None,
bypass_row_level_security: Optional[bool] = None,
connection_limit: Optional[int] = None,
create_database: Optional[bool] = None,
create_role: Optional[bool] = None,
encrypted: Optional[str] = None,
encrypted_password: Optional[bool] = None,
idle_in_transaction_session_timeout: Optional[int] = None,
inherit: Optional[bool] = None,
login: Optional[bool] = None,
name: Optional[str] = None,
password: Optional[str] = None,
replication: Optional[bool] = None,
roles: Optional[Sequence[str]] = None,
search_paths: Optional[Sequence[str]] = None,
skip_drop_role: Optional[bool] = None,
skip_reassign_owned: Optional[bool] = None,
statement_timeout: Optional[int] = None,
superuser: Optional[bool] = None,
valid_until: Optional[str] = None) -> Role
func GetRole(ctx *Context, name string, id IDInput, state *RoleState, opts ...ResourceOption) (*Role, error)
public static Role Get(string name, Input<string> id, RoleState? state, CustomResourceOptions? opts = null)
public static Role get(String name, Output<String> id, RoleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Assume
Role string - Defines the role to switch to at login via
SET ROLE
. - Bypass
Row boolLevel Security - Defines whether a role bypasses every
row-level security (RLS) policy. Default value is
false
. - Connection
Limit int - If this role can log in, this specifies how
many concurrent connections the role can establish.
-1
(the default) means no limit. - Create
Database bool - Defines a role's ability to execute
CREATE DATABASE
. Default value isfalse
. - Create
Role bool - Defines a role's ability to execute
CREATE ROLE
. A role with this privilege can also alter and drop other roles. Default value isfalse
. - Encrypted string
- Encrypted
Password bool - Defines whether the password is stored
encrypted in the system catalogs. Default value is
true
. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryption
setting. - Idle
In intTransaction Session Timeout - Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- Inherit bool
- Defines whether a role "inherits" the privileges of
roles it is a member of. Default value is
true
. - Login bool
- Defines whether role is allowed to log in. Roles without
this attribute are useful for managing database privileges, but are not users
in the usual sense of the word. Default value is
false
. - Name string
- The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- Password string
- Sets the role's password. A password is only of use
for roles having the
login
attribute set to true. - Replication bool
- Defines whether a role is allowed to initiate
streaming replication or put the system in and out of backup mode. Default
value is
false
- Roles List<string>
- Defines list of roles which will be granted to this new role.
- Search
Paths List<string> - Alters the search path of this new role. Note that
due to limitations in the implementation, values cannot contain the substring
", "
. - Skip
Drop boolRole - When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- Skip
Reassign boolOwned - When a PostgreSQL ROLE exists in multiple
databases and the ROLE is dropped, a
REASSIGN OWNED
in must be executed on each of the respective databases before theDROP ROLE
can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED
). - Statement
Timeout int - Defines
statement_timeout
setting for this role which allows to abort any statement that takes more than the specified amount of time. - Superuser bool
- Defines whether the role is a "superuser", and
therefore can override all access restrictions within the database. Default
value is
false
. - Valid
Until string - Defines the date and time after which the role's
password is no longer valid. Established connections past this
valid_time
will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULL
is used,valid_until
will be set toinfinity
. Default isNULL
, thereforeinfinity
.
- Assume
Role string - Defines the role to switch to at login via
SET ROLE
. - Bypass
Row boolLevel Security - Defines whether a role bypasses every
row-level security (RLS) policy. Default value is
false
. - Connection
Limit int - If this role can log in, this specifies how
many concurrent connections the role can establish.
-1
(the default) means no limit. - Create
Database bool - Defines a role's ability to execute
CREATE DATABASE
. Default value isfalse
. - Create
Role bool - Defines a role's ability to execute
CREATE ROLE
. A role with this privilege can also alter and drop other roles. Default value isfalse
. - Encrypted string
- Encrypted
Password bool - Defines whether the password is stored
encrypted in the system catalogs. Default value is
true
. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryption
setting. - Idle
In intTransaction Session Timeout - Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- Inherit bool
- Defines whether a role "inherits" the privileges of
roles it is a member of. Default value is
true
. - Login bool
- Defines whether role is allowed to log in. Roles without
this attribute are useful for managing database privileges, but are not users
in the usual sense of the word. Default value is
false
. - Name string
- The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- Password string
- Sets the role's password. A password is only of use
for roles having the
login
attribute set to true. - Replication bool
- Defines whether a role is allowed to initiate
streaming replication or put the system in and out of backup mode. Default
value is
false
- Roles []string
- Defines list of roles which will be granted to this new role.
- Search
Paths []string - Alters the search path of this new role. Note that
due to limitations in the implementation, values cannot contain the substring
", "
. - Skip
Drop boolRole - When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- Skip
Reassign boolOwned - When a PostgreSQL ROLE exists in multiple
databases and the ROLE is dropped, a
REASSIGN OWNED
in must be executed on each of the respective databases before theDROP ROLE
can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED
). - Statement
Timeout int - Defines
statement_timeout
setting for this role which allows to abort any statement that takes more than the specified amount of time. - Superuser bool
- Defines whether the role is a "superuser", and
therefore can override all access restrictions within the database. Default
value is
false
. - Valid
Until string - Defines the date and time after which the role's
password is no longer valid. Established connections past this
valid_time
will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULL
is used,valid_until
will be set toinfinity
. Default isNULL
, thereforeinfinity
.
- assume
Role String - Defines the role to switch to at login via
SET ROLE
. - bypass
Row BooleanLevel Security - Defines whether a role bypasses every
row-level security (RLS) policy. Default value is
false
. - connection
Limit Integer - If this role can log in, this specifies how
many concurrent connections the role can establish.
-1
(the default) means no limit. - create
Database Boolean - Defines a role's ability to execute
CREATE DATABASE
. Default value isfalse
. - create
Role Boolean - Defines a role's ability to execute
CREATE ROLE
. A role with this privilege can also alter and drop other roles. Default value isfalse
. - encrypted String
- encrypted
Password Boolean - Defines whether the password is stored
encrypted in the system catalogs. Default value is
true
. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryption
setting. - idle
In IntegerTransaction Session Timeout - Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- inherit Boolean
- Defines whether a role "inherits" the privileges of
roles it is a member of. Default value is
true
. - login Boolean
- Defines whether role is allowed to log in. Roles without
this attribute are useful for managing database privileges, but are not users
in the usual sense of the word. Default value is
false
. - name String
- The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- password String
- Sets the role's password. A password is only of use
for roles having the
login
attribute set to true. - replication Boolean
- Defines whether a role is allowed to initiate
streaming replication or put the system in and out of backup mode. Default
value is
false
- roles List<String>
- Defines list of roles which will be granted to this new role.
- search
Paths List<String> - Alters the search path of this new role. Note that
due to limitations in the implementation, values cannot contain the substring
", "
. - skip
Drop BooleanRole - When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- skip
Reassign BooleanOwned - When a PostgreSQL ROLE exists in multiple
databases and the ROLE is dropped, a
REASSIGN OWNED
in must be executed on each of the respective databases before theDROP ROLE
can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED
). - statement
Timeout Integer - Defines
statement_timeout
setting for this role which allows to abort any statement that takes more than the specified amount of time. - superuser Boolean
- Defines whether the role is a "superuser", and
therefore can override all access restrictions within the database. Default
value is
false
. - valid
Until String - Defines the date and time after which the role's
password is no longer valid. Established connections past this
valid_time
will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULL
is used,valid_until
will be set toinfinity
. Default isNULL
, thereforeinfinity
.
- assume
Role string - Defines the role to switch to at login via
SET ROLE
. - bypass
Row booleanLevel Security - Defines whether a role bypasses every
row-level security (RLS) policy. Default value is
false
. - connection
Limit number - If this role can log in, this specifies how
many concurrent connections the role can establish.
-1
(the default) means no limit. - create
Database boolean - Defines a role's ability to execute
CREATE DATABASE
. Default value isfalse
. - create
Role boolean - Defines a role's ability to execute
CREATE ROLE
. A role with this privilege can also alter and drop other roles. Default value isfalse
. - encrypted string
- encrypted
Password boolean - Defines whether the password is stored
encrypted in the system catalogs. Default value is
true
. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryption
setting. - idle
In numberTransaction Session Timeout - Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- inherit boolean
- Defines whether a role "inherits" the privileges of
roles it is a member of. Default value is
true
. - login boolean
- Defines whether role is allowed to log in. Roles without
this attribute are useful for managing database privileges, but are not users
in the usual sense of the word. Default value is
false
. - name string
- The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- password string
- Sets the role's password. A password is only of use
for roles having the
login
attribute set to true. - replication boolean
- Defines whether a role is allowed to initiate
streaming replication or put the system in and out of backup mode. Default
value is
false
- roles string[]
- Defines list of roles which will be granted to this new role.
- search
Paths string[] - Alters the search path of this new role. Note that
due to limitations in the implementation, values cannot contain the substring
", "
. - skip
Drop booleanRole - When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- skip
Reassign booleanOwned - When a PostgreSQL ROLE exists in multiple
databases and the ROLE is dropped, a
REASSIGN OWNED
in must be executed on each of the respective databases before theDROP ROLE
can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED
). - statement
Timeout number - Defines
statement_timeout
setting for this role which allows to abort any statement that takes more than the specified amount of time. - superuser boolean
- Defines whether the role is a "superuser", and
therefore can override all access restrictions within the database. Default
value is
false
. - valid
Until string - Defines the date and time after which the role's
password is no longer valid. Established connections past this
valid_time
will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULL
is used,valid_until
will be set toinfinity
. Default isNULL
, thereforeinfinity
.
- assume_
role str - Defines the role to switch to at login via
SET ROLE
. - bypass_
row_ boollevel_ security - Defines whether a role bypasses every
row-level security (RLS) policy. Default value is
false
. - connection_
limit int - If this role can log in, this specifies how
many concurrent connections the role can establish.
-1
(the default) means no limit. - create_
database bool - Defines a role's ability to execute
CREATE DATABASE
. Default value isfalse
. - create_
role bool - Defines a role's ability to execute
CREATE ROLE
. A role with this privilege can also alter and drop other roles. Default value isfalse
. - encrypted str
- encrypted_
password bool - Defines whether the password is stored
encrypted in the system catalogs. Default value is
true
. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryption
setting. - idle_
in_ inttransaction_ session_ timeout - Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- inherit bool
- Defines whether a role "inherits" the privileges of
roles it is a member of. Default value is
true
. - login bool
- Defines whether role is allowed to log in. Roles without
this attribute are useful for managing database privileges, but are not users
in the usual sense of the word. Default value is
false
. - name str
- The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- password str
- Sets the role's password. A password is only of use
for roles having the
login
attribute set to true. - replication bool
- Defines whether a role is allowed to initiate
streaming replication or put the system in and out of backup mode. Default
value is
false
- roles Sequence[str]
- Defines list of roles which will be granted to this new role.
- search_
paths Sequence[str] - Alters the search path of this new role. Note that
due to limitations in the implementation, values cannot contain the substring
", "
. - skip_
drop_ boolrole - When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- skip_
reassign_ boolowned - When a PostgreSQL ROLE exists in multiple
databases and the ROLE is dropped, a
REASSIGN OWNED
in must be executed on each of the respective databases before theDROP ROLE
can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED
). - statement_
timeout int - Defines
statement_timeout
setting for this role which allows to abort any statement that takes more than the specified amount of time. - superuser bool
- Defines whether the role is a "superuser", and
therefore can override all access restrictions within the database. Default
value is
false
. - valid_
until str - Defines the date and time after which the role's
password is no longer valid. Established connections past this
valid_time
will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULL
is used,valid_until
will be set toinfinity
. Default isNULL
, thereforeinfinity
.
- assume
Role String - Defines the role to switch to at login via
SET ROLE
. - bypass
Row BooleanLevel Security - Defines whether a role bypasses every
row-level security (RLS) policy. Default value is
false
. - connection
Limit Number - If this role can log in, this specifies how
many concurrent connections the role can establish.
-1
(the default) means no limit. - create
Database Boolean - Defines a role's ability to execute
CREATE DATABASE
. Default value isfalse
. - create
Role Boolean - Defines a role's ability to execute
CREATE ROLE
. A role with this privilege can also alter and drop other roles. Default value isfalse
. - encrypted String
- encrypted
Password Boolean - Defines whether the password is stored
encrypted in the system catalogs. Default value is
true
. NOTE: this value is always set (to the conservative and safe value), but may interfere with the behavior of PostgreSQL'spassword_encryption
setting. - idle
In NumberTransaction Session Timeout - Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
- inherit Boolean
- Defines whether a role "inherits" the privileges of
roles it is a member of. Default value is
true
. - login Boolean
- Defines whether role is allowed to log in. Roles without
this attribute are useful for managing database privileges, but are not users
in the usual sense of the word. Default value is
false
. - name String
- The name of the role. Must be unique on the PostgreSQL server instance where it is configured.
- password String
- Sets the role's password. A password is only of use
for roles having the
login
attribute set to true. - replication Boolean
- Defines whether a role is allowed to initiate
streaming replication or put the system in and out of backup mode. Default
value is
false
- roles List<String>
- Defines list of roles which will be granted to this new role.
- search
Paths List<String> - Alters the search path of this new role. Note that
due to limitations in the implementation, values cannot contain the substring
", "
. - skip
Drop BooleanRole - When a PostgreSQL ROLE exists in multiple databases and the ROLE is dropped, the cleanup of ownership of objects in each of the respective databases must occur before the ROLE can be dropped from the catalog. Set this option to true when there are multiple databases in a PostgreSQL cluster using the same PostgreSQL ROLE for object ownership. This is the third and final step taken when removing a ROLE from a database.
- skip
Reassign BooleanOwned - When a PostgreSQL ROLE exists in multiple
databases and the ROLE is dropped, a
REASSIGN OWNED
in must be executed on each of the respective databases before theDROP ROLE
can be executed to dropped the ROLE from the catalog. This is the first and second steps taken when removing a ROLE from a database (the second step being an implicitDROP OWNED
). - statement
Timeout Number - Defines
statement_timeout
setting for this role which allows to abort any statement that takes more than the specified amount of time. - superuser Boolean
- Defines whether the role is a "superuser", and
therefore can override all access restrictions within the database. Default
value is
false
. - valid
Until String - Defines the date and time after which the role's
password is no longer valid. Established connections past this
valid_time
will have to be manually terminated. This value corresponds to a PostgreSQL datetime. If omitted or the magic valueNULL
is used,valid_until
will be set toinfinity
. Default isNULL
, thereforeinfinity
.
Package Details
- Repository
- PostgreSQL pulumi/pulumi-postgresql
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
postgresql
Terraform Provider.