Python utility function to ensure that a PostgreSQL role has certain permissions or role memberships
Project description
pg-sync-roles 
Python utility function to ensure that a PostgreSQL role has certain permissions or role memberships
[!WARNING]
Work in progress. This README serves as a rough design spec.
Features
- Transparently handles high numbers of permissions - avoiding "row is too big" errors.
- Locks where necessary - working around "tuple concurrently updated" or "tuple concurrently deleted" errors" that can happen when permission changes are performed concurrently.
- Optionally removes permissions from roles
- Handles database connect, schema usage, table select permissions, and role memberships - typically useful when using PostgreSQL as a data warehouse with a high number of users that need granular permissions.
Installation
pg-sync-roles can be installed from PyPI using pip. psycopg2 or psycopg (Psycopg 3) must also be explicitly installed.
pip install pg-sync-roles psycopg
Usage
To give a user CONNECT privileges on a database, as well as membership of role:
from pg_sync_roles import DatabaseConnect, RoleMembership, pg_sync_roles
# For example purposes, PostgreSQL can be run locally using this...
# docker run --rm -it -e POSTGRES_HOST_AUTH_METHOD=trust -p 5432:5432 postgres
# ... which should work with this engine
engine = sa.create_engine('postgresql+psycopg://postgres@127.0.0.1:5432/')
with engine.begin() as conn:
pg_sync_roles(
conn,
'my_user_name',
grants=(
DatabaseConnect('my_database_name'),
RoleMembership('my_role_name'),
),
)
A more complex example:
from pg_sync_roles import (
RoleMembership,
SchemaUsage,
SchemaOwnership,
TableSelect,
pg_sync_roles,
)
engine = sa.create_engine('postgresql+psycopg://postgres@127.0.0.1:5432/')
with engine.begin() as conn:
pg_sync_roles(
conn,
'my_role_name',
grants=(
TableSelect('my_schema', 'my_table'),
SchemaUsage('my_schema'),
RoleMembership('my_other_role'),
SchemaOwnership('my_other_schema', create_if_not_exists=True),
),
revokes=(
TableSelect,
SchemaUsage,
RoleMembership,
),
)
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
pg_sync_roles-0.0.4.tar.gz
(4.0 kB
view details)
Built Distribution
File details
Details for the file pg_sync_roles-0.0.4.tar.gz.
File metadata
- Download URL: pg_sync_roles-0.0.4.tar.gz
- Upload date:
- Size: 4.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.0.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 98aa86a159a1837e9703227eef00cd3d88af36ecdc5d95719f78e766ea096d3b |
|
| MD5 | 28571ef2ab1703b303af2d4948efefd7 |
|
| BLAKE2b-256 | c29a370a32b75b1baa090ac3de8b2d911816d3c6e1e790490c32397d518cd275 |
File details
Details for the file pg_sync_roles-0.0.4-py3-none-any.whl.
File metadata
- Download URL: pg_sync_roles-0.0.4-py3-none-any.whl
- Upload date:
- Size: 3.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.0.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 20863765fd6794d247d3558329d2d1fd0c41a8736bf54da5d62a95738fec11af |
|
| MD5 | ca9143f25bbc92f31db21e2743238e65 |
|
| BLAKE2b-256 | b6018edcd2d1f739636be9392c31df6eb647c02091a984e964c550e6ba5c1b35 |
