Grants#

Due to the inconsistent set of available options there are dialect-specific grant options, there are currently only dialect-specific grant definition options.

from sqlalchemy_declarative_extensions import Grants
from sqlalchemy_declarative_extensions.dialects.postgresql import DefaultGrant

grants = Grants().are(
    DefaultGrant.on_tables_in_schema("public").grant("select", to="read"),
    DefaultGrant.on_tables_in_schema("public").grant("insert", "update", "delete", to="write"),
    DefaultGrant.on_sequences_in_schema("public").grant("usage", to="write"),
)

Note, while we largely document the fluent style of grant creation, it is entirely possible to create the underlying grants objects directly!

class sqlalchemy_declarative_extensions.grant.base.Grants#

A collection of grants and the settings for diff/collection.

Parameters

  • grants – The list of grants

  • ignore_unspecified – Defaults to False. When True, ignore detected grants which do not match the set of defined grants.

  • ignore_self_grants – Defaults to True. When True, ignores grants to the current user. It’s typical in migrations that the a single user performs migrations and will have implicitly granted grants on all objects. In this scenario, it can be tedious to define those permissions on every object, so they are ignored by default.

  • only_defined_roles – Defaults to True. When True, only applies to roles specified in the roles section.

  • default_grants_imply_grants – Defaults to True. When True, default grants also imply the set of expected actual grants. This allows one to specify only default grants, and per-object grants will be made to match the default set.

Examples

  • No grants

>>> grants = Grants()

  • Some options set

>>> grants = Grants(ignore_unspecified=True)

  • With some actual grants

>>> from sqlalchemy_declarative_extensions.dialects.postgresql import DefaultGrant
>>> grants = Grants().are(DefaultGrant(..., ...), ...)
are(*grants)#
Parameters

grants (G) –

classmethod coerce_from_unknown(unknown)#
Parameters

unknown (None | Iterable[G] | Grants) –

Return type

Grants | None

default_grants_imply_grants = True#
grants#
ignore_self_grants = True#
ignore_unspecified = False#
only_defined_roles = True#