The DefaultPrivilege Custom Resource Definition (CRD) manages default privileges (ALTER DEFAULT PRIVILEGES) for objects created in the future.

| Field | Type | Description | Required | Mutable |
|---|---|---|---|---|
| clusterRef | ResourceRef | Reference to the ClusterConnection to use. | Yes | Yes |
| database | string | The database where default privileges apply. | Yes | No |
| role | string | The role to which default privileges are granted. | Yes | No |
| owner | string | The role that owns the objects (the creator). Default privileges apply to objects created by this role. | Yes | No |
| schema | string | The schema where default privileges apply. Required, unless objectType is schema. | Conditional | No |
| objectType | string | The type of object. | Yes | No |
| privileges | array[string] | List of privileges to grant. | Yes | Yes |

Supported object types:

- schema
- sequence
- table

Supported privileges depend on the objectType:

- connect
- create
- delete
- insert
- maintain
- references
- select
- temporary
- trigger
- truncate
- update
- usage

| Field | Type | Description | Required |
|---|---|---|---|
| namespace | string | Namespace of the referenced ClusterConnection. If not specified, uses the owning CR's namespace. | No |
| name | string | Name of the referenced ClusterConnection. | Yes |

```yaml
apiVersion: postgresql.aboutbits.it/v1
kind: DefaultPrivilege
metadata:
  name: default-privileges-tables
spec:
  clusterRef:
    name: my-postgres-connection
  database: my_database
  role: read_only_role
  owner: app_user
  objectType: table
  schema: public
  privileges:
    - select
```
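
The PostgreSQL side of the manifest above, as an added example that is not part of the operator's documentation or code: the statement the spec fields correspond to (an assumed mapping, based on the field descriptions) and a catalog query to audit what is actually in effect. The scratch table `dp_check` is hypothetical, and the last step assumes the session may `SET ROLE` to `app_user`.

```sql
-- Added example. Assumed mapping of the manifest's spec fields onto PostgreSQL:
--   owner -> FOR ROLE, schema -> IN SCHEMA, objectType -> ON TABLES,
--   privileges -> GRANT ..., role -> TO
ALTER DEFAULT PRIVILEGES FOR ROLE app_user IN SCHEMA public
    GRANT SELECT ON TABLES TO read_only_role;

-- Audit: expand every default ACL entry owned by app_user into one row per
-- grantee and privilege, so drift from the manifest is easy to spot.
SELECT pg_get_userbyid(d.defaclrole)            AS owner,
       COALESCE(n.nspname, '(all schemas)')     AS schema_name,
       CASE d.defaclobjtype
            WHEN 'r' THEN 'table'
            WHEN 'S' THEN 'sequence'
            WHEN 'n' THEN 'schema'
            ELSE d.defaclobjtype::text
       END                                      AS object_type,
       CASE WHEN a.grantee = 0 THEN 'PUBLIC'
            ELSE pg_get_userbyid(a.grantee)
       END                                      AS grantee,
       a.privilege_type,
       a.is_grantable
FROM pg_default_acl AS d
LEFT JOIN pg_namespace AS n ON n.oid = d.defaclnamespace
CROSS JOIN LATERAL aclexplode(d.defaclacl) AS a
WHERE pg_get_userbyid(d.defaclrole) = 'app_user'
ORDER BY 2, 3, 4, 5;

-- Default privileges affect only objects created afterwards by the owner.
-- Tables that already existed, or that another role creates, are untouched.
BEGIN;
SET LOCAL ROLE app_user;
CREATE TABLE public.dp_check (id integer);   -- hypothetical scratch table
RESET ROLE;
SELECT has_table_privilege('read_only_role', 'public.dp_check', 'SELECT');
ROLLBACK;                                    -- removes the scratch table
```

Run the audit query against the database named in the `database` field; `pg_default_acl` is a per-database catalog.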