Python utility function to ensure that a PostgreSQL role has certain permissions or role memberships
Project description
pg-sync-roles
Python utility function to ensure that a PostgreSQL role has certain permissions or role memberships
[!WARNING]
Work in progress. This README serves as a rough design spec.
Features
- Transparently handles high numbers of permissions - avoiding "row is too big" errors.
- Locks where necessary - working around "tuple concurrently updated" or "tuple concurrently deleted" errors" that can happen when permission changes are performed concurrently.
- Optionally removes permissions from roles
- Handles database connect, schema usage, table select permissions, and role memberships - typically useful when using PostgreSQL as a data warehouse with a high number of users that need granular permissions.
Installation
pg-sync-roles can be installed from PyPI using pip. psycopg2 or psycopg (Psycopg 3) must also be explicitly installed.
pip install pg-sync-roles psycopg
Usage
To give a user CONNECT privileges on a database, as well as membership of role:
from pg_sync_roles import DatabaseConnect, RoleMembership, pg_sync_roles
# For example purposes, PostgreSQL can be run locally using this...
# docker run --rm -it -e POSTGRES_HOST_AUTH_METHOD=trust -p 5432:5432 postgres
# ... which should work with this engine
engine = sa.create_engine('postgresql+psycopg://postgres@127.0.0.1:5432/')
with engine.begin() as conn:
pg_sync_roles(
conn,
'my_user_name',
grants=(
DatabaseConnect('my_database_name'),
RoleMembership('my_role_name'),
),
)
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
pg_sync_roles-0.0.2.tar.gz
(3.6 kB
view hashes)
Built Distribution
Close
Hashes for pg_sync_roles-0.0.2-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 7931d42f4b06dc692c32e8253009e9aed321b62c9fca5761b64b51c5b2755512 |
|
MD5 | 78582b495b693dc955228ef405f6aeb0 |
|
BLAKE2b-256 | c7fddecc0754815f16810d0a00adad51e27d698e5b0a1673c05cd54d33f1b007 |