cyrilgdn · atorrescogollo · Oct 2, 2025
diff --git a/postgresql/resource_postgresql_default_privileges.go b/postgresql/resource_postgresql_default_privileges.go
@@ -1,9 +1,11 @@
 package postgresql
 
 import (
+	"context"
 	"database/sql"
 	"fmt"
 	"log"
+	"strconv"
 	"strings"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -19,6 +21,9 @@ func resourcePostgreSQLDefaultPrivileges() *schema.Resource {
 		Update: PGResourceFunc(resourcePostgreSQLDefaultPrivilegesCreate),
 		Read:   PGResourceFunc(resourcePostgreSQLDefaultPrivilegesRead),
 		Delete: PGResourceFunc(resourcePostgreSQLDefaultPrivilegesDelete),
+		Importer: &schema.ResourceImporter{
+			StateContext: resourcePostgreSQLDefaultPrivilegesImport,
+		},
 
 		Schema: map[string]*schema.Schema{
 			"role": {
@@ -77,6 +82,35 @@ func resourcePostgreSQLDefaultPrivileges() *schema.Resource {
 	}
 }
 
+func resourcePostgreSQLDefaultPrivilegesImport(ctx context.Context, d *schema.ResourceData, m interface{}) ([]*schema.ResourceData, error) {
+	importId := d.Id()
+	parts := strings.Split(importId, "@")
+
+	if len(parts) != 6 {
+		return nil, fmt.Errorf("invalid import id. Expected format: <role>@<database>@<owner>@<object_type>@<schema>@<with_grant_option>. Got %s", importId)
+	}
+
+	role := parts[0]
+	d.Set("role", role)
+	database := parts[1]
+	d.Set("database", database)
+	owner := parts[2]
+	d.Set("owner", owner)
+	objectType := parts[3]
+	d.Set("object_type", objectType)
+	schema_ := parts[4]
+	d.Set("schema", schema_)
+	withGrantOption, err := strconv.ParseBool(parts[5])
+	if err != nil {
+		return nil, fmt.Errorf("error parsing with_grant_option: %w. Got %s", err, parts[5])
+	}
+	d.Set("with_grant_option", withGrantOption)
+
+	d.SetId(generateDefaultPrivilegesID(d)) // Import ID is the same as the generated ID for backwards compatibility
+
+	return []*schema.ResourceData{d}, nil
+}
+
 func resourcePostgreSQLDefaultPrivilegesRead(db *DBConnection, d *schema.ResourceData) error {
 	pgSchema := d.Get("schema").(string)
 	objectType := d.Get("object_type").(string)

diff --git a/website/docs/r/postgresql_default_privileges.html.markdown b/website/docs/r/postgresql_default_privileges.html.markdown
@@ -34,6 +34,7 @@ resource "postgresql_default_privileges" "read_only_tables" {
 * `schema` - (Optional) The database schema to set default privileges for this role.
 * `object_type` - (Required) The PostgreSQL object type to set the default privileges on (one of: table, sequence, function, routine, type, schema).
 * `privileges` - (Required) List of privileges (e.g., SELECT, INSERT, UPDATE, DELETE) to grant on new objects created by the owner. An empty list could be provided to revoke all default privileges for this role.
+* `with_grant_option` - (Optional) Permit the grant recipient to grant it to others.
 
 
 ## Examples
@@ -63,3 +64,17 @@ resource "postgresql_default_privileges" "revoke_public" {
   privileges  = []
 }
 ```
+
+## Import
+
+`postgresql_default_privileges` supports importing resources following the format:
+
+```
+<role>@<database>@<owner>@<object_type>@<schema>@<with_grant_option>
+```
+
+For example:
+
+```bash
+terraform import postgresql_default_privileges.demo demo@test_db@owner@table@public@false
+```