reinhardt_query/dcl/role_attributes.rs
1//! PostgreSQL role attribute specifications
2//!
3//! This module provides type-safe representations of PostgreSQL role attributes
4//! used in CREATE ROLE, ALTER ROLE, and CREATE USER statements.
5//!
6//! # Examples
7//!
8//! ```
9//! use reinhardt_query::dcl::RoleAttribute;
10//!
11//! // Create role with SUPERUSER privilege
12//! let attr = RoleAttribute::SuperUser;
13//!
14//! // Create role with LOGIN capability
15//! let login_attr = RoleAttribute::Login;
16//!
17//! // Create role with connection limit
18//! let conn_limit = RoleAttribute::ConnectionLimit(10);
19//! ```
20
21/// PostgreSQL role attribute specifications
22///
23/// These attributes control various privileges and settings for database roles.
24/// They are used in CREATE ROLE, ALTER ROLE, and CREATE USER statements.
25///
26/// # Privilege Attributes
27///
28/// - `` `SuperUser` ``/`` `NoSuperUser` `` - Superuser privilege
29/// - `` `CreateDb` ``/`` `NoCreateDb` `` - Database creation privilege
30/// - `` `CreateRole` ``/`` `NoCreateRole` `` - Role creation privilege
31/// - `` `Inherit` ``/`` `NoInherit` `` - Privilege inheritance
32/// - `` `Login` ``/`` `NoLogin` `` - Login capability
33/// - `` `Replication` ``/`` `NoReplication` `` - Replication privilege
34/// - `` `BypassRls` ``/`` `NoBypassRls` `` - Row-level security bypass
35///
36/// # Configuration Attributes
37///
38/// - `` `ConnectionLimit` `` - Maximum concurrent connections (-1 = unlimited)
39/// - `` `Password` `` - Set role password (automatically encrypted)
40/// - `` `EncryptedPassword` `` - Set pre-encrypted password
41/// - `` `UnencryptedPassword` `` - Set unencrypted password (not recommended)
42/// - `` `ValidUntil` `` - Password expiration timestamp
43///
44/// # Role Membership Attributes
45///
46/// - `` `InRole` `` - Add role to specified roles
47/// - `` `Role` `` - Grant specified roles to this role
48/// - `` `Admin` `` - Grant specified roles with ADMIN OPTION
49#[derive(Debug, Clone, PartialEq)]
50pub enum RoleAttribute {
51 /// SUPERUSER privilege - can override all access restrictions
52 SuperUser,
53 /// NOSUPERUSER - explicitly deny superuser privilege
54 NoSuperUser,
55
56 /// CREATEDB privilege - can create databases
57 CreateDb,
58 /// NOCREATEDB - cannot create databases
59 NoCreateDb,
60
61 /// CREATEROLE privilege - can create roles
62 CreateRole,
63 /// NOCREATEROLE - cannot create roles
64 NoCreateRole,
65
66 /// INHERIT - automatically inherit privileges of roles it is a member of
67 Inherit,
68 /// NOINHERIT - do not automatically inherit privileges
69 NoInherit,
70
71 /// LOGIN - role can log in (required for users)
72 Login,
73 /// NOLOGIN - role cannot log in (typical for group roles)
74 NoLogin,
75
76 /// REPLICATION - role can initiate streaming replication
77 Replication,
78 /// NOREPLICATION - role cannot initiate replication
79 NoReplication,
80
81 /// BYPASSRLS - role bypasses row-level security policies
82 BypassRls,
83 /// NOBYPASSRLS - role is subject to row-level security
84 NoBypassRls,
85
86 /// CONNECTION LIMIT - maximum concurrent connections (-1 = unlimited)
87 ConnectionLimit(i32),
88
89 /// PASSWORD - set role password (will be encrypted by PostgreSQL)
90 Password(String),
91 /// ENCRYPTED PASSWORD - set pre-encrypted password
92 EncryptedPassword(String),
93 /// UNENCRYPTED PASSWORD - set unencrypted password (deprecated, not recommended)
94 UnencryptedPassword(String),
95
96 /// VALID UNTIL - password expiration timestamp (ISO 8601 format recommended)
97 ValidUntil(String),
98
99 /// IN ROLE - add this role to the specified roles
100 InRole(Vec<String>),
101 /// ROLE - grant the specified roles to this role
102 Role(Vec<String>),
103 /// ADMIN - grant the specified roles with ADMIN OPTION
104 Admin(Vec<String>),
105}