ANXS · ArmiT · Dec 22, 2015 · Dec 24, 2015 · Jan 13, 2016 · farridav
diff --git a/README.md b/README.md
@@ -60,6 +60,13 @@ postgresql_user_privileges:
     db: foobar                  # database
     priv: "ALL"                 # privilege string format: example: INSERT,UPDATE/table:SELECT/anothertable:ALL
     role_attr_flags: "CREATEDB" # role attribute flags
+
+# List of privileges to be applied (optional)
+postgresql_privileges:
+  - db: foobar                  # database
+    roles: baz                  # roles for grant or revoke privileges
+    objs: "ALL_IN_SCHEMA"       # Comma separated list of database objects to set privileges on  
+    grant: yes
 ```
 
 There's a lot more knobs and bolts to set, which you can find in the defaults/main.yml

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -38,6 +38,9 @@ postgresql_users: []
 # List of user privileges to be applied (optional)
 postgresql_user_privileges: []
 
+# List of privileges to be applied (optional)
+postgresql_privileges: []
+
 # pg_hba.conf
 postgresql_pg_hba_default:
   - { type: local, database: all, user: '{{ postgresql_admin_user }}', address: '', method: '{{ postgresql_default_auth_method }}', comment: '' }

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -29,6 +29,9 @@
 - include: users_privileges.yml
   tags: [postgresql, postgresql-users]
 
+- include: privileges.yml
+  tags: [postgresql, postgresql-privileges]
+
 - include: monit.yml
   when: monit_protection is defined and monit_protection == true
   tags: [postgresql, postgresql-monit]
diff --git a/tasks/privileges.yml b/tasks/privileges.yml
@@ -0,0 +1,24 @@
+# file: postgresql/tasks/privileges.yml
+
+- name: PostgreSQL | Ensure PostgreSQL is running
+  service:
+    name: "{{ postgresql_service_name }}"
+    state: started
+
+- name: PostgreSQL | Make sure the PostgreSQL privileges are present
+  postgresql_privs:
+    database: "{{ item.db }}"
+    grant_option: "{{ item.grant | default(no) }}"
+    host: "{{ item.host | default(\"127.0.0.1\") }}"
+    login: "{{ item.login | default(postgresql_admin_user) }}"
+    objs: "{{ item.objs | default(omit) }}"
+    password: "{{ item.password | default(\"\") }}"
+    privs: "{{ item.privs | default(\"ALL\") }}"
+    roles: "{{ item.roles | default(\"PUBLIC\") }}"
+    schema: "{{ item.schema | default(omit) }}"
+    state: "{{ item.state | default(\"present\") }}"
+    type: "{{ item.type | default(\"table\") }}"
+  sudo: yes
+  sudo_user: "{{postgresql_admin_user}}"
+  with_items: postgresql_privileges
+  when: postgresql_privileges | length > 0