How to create PostgreSQL read-only role with Ansible?
I'm not sure if I should be using the postgresql_privs or postgresql_user module. I tried experimenting with different values for the priv attribute, but couldn't get anything to work.
Did you try to revoke privs?
    # REVOKE INSERT, UPDATE ON ALL TABLES IN SCHEMA public FROM reader
    # "public" is the default schema. This also works for PostgreSQL 8.x.
    - postgresql_privs: >
        db=library
        state=absent
        privs=INSERT,UPDATE
        objs=ALL_IN_SCHEMA
        role=reader
Note:
To revoke only GRANT OPTION for a specific object, set state to present and grant_option to no (see examples http://docs.ansible.com/ansible/postgresql_privs_module.html).
Note that when revoking privileges from a role R, this role may still have access via privileges granted to any role R is a member of, including PUBLIC.
Note that when revoking privileges from a role R, you do so as the user specified via login. If R has been granted the same privileges by another user also, R can still access database objects via these privileges.
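The following playbook is an added example, not part of the original answer: it builds the read-only role by granting only what is needed instead of revoking write privileges afterwards. The database `library`, role `reader` and schema `public` come from the answer above; the inventory group `dbservers` and the variable `reader_password` are hypothetical.

```yaml
# Added example: read-only role "reader" on database "library".
# reader_password is a hypothetical variable; supply it from Ansible Vault.
# On current Ansible these modules live in the community.postgresql collection.
- hosts: dbservers            # hypothetical inventory group
  become: true
  become_user: postgres
  tasks:
    - name: Create login role without administrative attributes
      postgresql_user:
        name: reader
        password: "{{ reader_password }}"
        role_attr_flags: NOSUPERUSER,NOCREATEDB,NOCREATEROLE
      no_log: true            # keep the password out of task output

    - name: Allow reader to connect to the database
      postgresql_privs:
        db: library
        type: database
        privs: CONNECT
        role: reader

    - name: Allow reader to resolve objects in schema public
      postgresql_privs:
        db: library
        type: schema
        objs: public
        privs: USAGE
        role: reader

    - name: Grant SELECT on existing tables
      postgresql_privs:
        db: library
        schema: public
        type: table
        objs: ALL_IN_SCHEMA
        privs: SELECT
        role: reader

    - name: Grant SELECT on tables created later by the login user
      postgresql_privs:
        db: library
        schema: public
        type: default_privs
        objs: TABLES
        privs: SELECT
        role: reader

    - name: Remove CREATE on schema public from PUBLIC, which reader inherits
      postgresql_privs: {db: library, type: schema, objs: public, privs: CREATE, role: PUBLIC, state: absent}
```

The last task changes PUBLIC for every role in the database, so roles that create tables in `public` need an explicit CREATE grant afterwards. Default privileges apply only to objects created by the user the module logs in as; tables created by other owners need their own default-privilege rule.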