Added revocation_sql to the website docs

This commit is contained in:
vishalnayak 2016-10-27 12:15:08 -04:00
parent da9ee9a4c1
commit e0fb8c17ce
2 changed files with 23 additions and 2 deletions

View file

@ -37,8 +37,11 @@ func pathRoles(b *backend) *framework.Path {
},
"revocation_sql": {
Type: framework.TypeString,
Description: "SQL string to revoke a user. This is in beta; use with caution.",
Type: framework.TypeString,
Description: `SQL statements to be executed to revoke a user. Must be a semicolon-separated
string, a base64-encoded semicolon-separated string, a serialized JSON string
array, or a base64-encoded serialized JSON string array. The '{{name}}' value
will be substituted.`,
},
},
@ -193,4 +196,12 @@ Example of a decent SQL query to use:
Note the above user would be able to access everything in schema public.
For more complex GRANT clauses, see the PostgreSQL manual.
The "revocation_sql" parameter customizes the SQL string used to revoke a user.
Example of a decent revocation SQL query to use:
REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM {{name}};
REVOKE ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public FROM {{name}};
REVOKE USAGE ON SCHEMA public FROM {{name}};
DROP ROLE IF EXISTS {{name}};
`

View file

@ -247,6 +247,16 @@ subpath for interactive help output.
values will be substituted.
</li>
</ul>
<ul>
<li>
<span class="param">revocation_sql</span>
<span class="param-flags">optional</span>
SQL statements to be executed to revoke a user. Must be a semicolon-separated
string, a base64-encoded semicolon-separated string, a serialized JSON string
array, or a base64-encoded serialized JSON string array. The '{{name}}' value
will be substituted.
</li>
</ul>
</dd>
<dt>Returns</dt>