Professional Documents
Culture Documents
SERVICES FEATURES PRICING CUSTOMERS COMMUNITY BLOG ABOUT CONTACT US LOGIN ENGLISH
Search
Search
Recent Posts
CloudSigma PaaS
Platform Dashboard
How-to Guide
CloudSigma PaaS
Platform Automatic
Vertical Scaling How-to
Guide
Facilitating Migration
Across Cloud Platforms
with Zero Code Change
Deploy and No Vendor
Lock-In: CloudSigma
PaaS Guide
Receive a Weekly
How to Use Roles and Manage Permissions in Digest
PostgreSQL
Email address:
PostgreSQL is an open-source DBMS which in turn uses SQL. It’s a very powerful tool that is used to manage applications and
host web data on VPS. In this tutorial, you will learn how to manage permissions in PostgreSQL. It will help you to provide your
Sign up
application roles the required permissions. We will perform this tutorial using PostgreSQL on a Ubuntu 18.04 cloud server on
CloudSigma.
Installing PostgreSQL
To download and install PostgreSQL, run the following commands:
The installer will create a default user – “Postgres” to operate under. We will use this user for most of this tutorial. You can log in
to the user with this command:
1 sudo su - postgres
Now that PostgreSQL is installed, you will learn how it handles permission. You can also follow our tutorial on setting up
PostgreSQL on Ubuntu for a detailed step-by-step guide of the installation process.
1 psql
1 \du
As of now, there’s only one default role with all the privileges.
You can create roles for Postgres either from the command line or from within the Postgres shell. You can try the following two
approaches, following which you will see how to manage permissions and accesses in PostgreSQL.
1 \du
It specifies that the new role has no login permissions. You will learn how to change that later in the tutorial.
1 \q
You can create a role called “test” with the following command:
1 createuser test
Once you have executed the above command, login to the psql, and list the roles using the following commands:
1 psql
2 \du
You can observe that the user-created this way doesn’t have the same attributes.
You can delete the demo role that we created earlier using the command:
If we try to drop a role that doesn’t exist, it will just throw an error. To see that, you can try to drop the same role again:
If you want the command not to throw an error when the role doesn’t exist, you can add ‘IF EXISTS’ in the command:
To see the options for this, you can open help using this command:
1 \h CREATE ROLE
If you want to create a role with login permissions, you can form the command like this:
As we saw earlier, if you want to create roles with login permission, you can also use the following command:
The sole difference between the two commands is that ‘CREATE USER’ gives login permission to the role by default.
For example, if you want, you can change the login permissions of the demo_role to ‘log in’ with this command:
To allow the user to log in again, you can alter the permissions with the following command:
In this section, you will try the second one. To start with, you can set the password of the user, so authentication is possible.
1 \password test
When prompted, enter, and confirm the password. Once done, you can exit the PostgreSQL interface and return it to your
normal machine user:
1 \q
2 exit
PostgreSQL requires you to login with a username that matches your operating system’s username and also to connect the
database with the same username. Since you are not doing that in this case, you will have to explicitly specify the options you
want to use. You can use the following syntax:
-h 127.0.0.1: Specifies to PostgreSQL that you will be connecting through a network interface to the local machine. This option
allows us authentication even though the username doesn’t match the system username.
Once you enter the password, you’ll be logged onto the shell. In our example, we use the database ‘postgres,’ the default
database automatically set up during the installation.
In this session, based on the user you selected to log in, you will face an issue that you don’t have the right permissions to
perform various actions. The reason for the issue is that you haven’t already given the user sufficient permissions to administer
things.
In the next section, you will grant the required permissions to users. First, you will need to change the user back to an
administrative one:
1 \q
2 sudo su - postgres
3 psql
1 \d
Now that you have a demo table, you can grant privileges to the ‘demo’ table to ‘demo_role.’ You can give the role ‘UPDATE’
privilege with this command:
You can grant all permissions to a role by specifying the permission as ‘ALL’:
If you want to grant specific permission to all roles on the system, you can use the keyword ‘public’ instead of the role like the
following command:
You can view all the permissions granted using the following command:
1 \z
Like with GRANT, we can use the keywords – ‘ALL’ and ‘PUBLIC’ to grant all permissions or grant permissions to all roles:
Now you can manage these two roles’ permissions just by managing the permissions of the ‘temporary_role’ role. This allows for
easier management of permissions. You can see the role of membership information with this command:
1 \du
Any group member can act as the group by using the ‘set role’ command. As the ‘postgres’ user is a superuser, you can use ‘set
role’ even if you’re not a member of the group:
Any tables that you will create now are owned by temporary_role:
1 \d
You can see that the ‘temporary_role’ role owns the new table and the sequence associated with the serial data type. To revert
to the original role permissions, run the following command:
1 RESET ROLE;
If you want the role to have all the privileges of the role they belong to, you can specify the ‘inherit’ property with the ‘alter role’
command:
With the above command, ‘test_user’ has got all the privileges of the roles it belongs to. To drop a role, you can use the ‘drop role’
command:
The above command throws an error because we have some objects, like table ‘hello,’ which depends upon it. To drop it, you can
transfer the ownership of the table to a different role:
You can check that temporary_role doesn’t own any tables now with the following command:
1 \d
You can drop the ‘temporary_role’ now as it doesn’t have any dependencies now:
Conclusion
You have completed the tutorial, and now you know how to manage permissions in PostgreSQL. You can administer the
permissions easily. Knowing how to manage permissions ensures that your applications have access to the required databases
while not having access to any other database used by a different application.
Happy Computing!
About Latest
CLOUD TUTORIAL GRANT PERMISSIONS INSTALL POSTGRE LINUX LINUX TUTORIAL PERMISSIONS POSTGRE
H O M E
L E G A L
F E A T U R E S
I A A S P R I C I N G
A B O U T C L O U D S I G M A
L O C A T I O N S
PA R T N E R S
S T A T U S
C L O U D T U T O R I A L S
Q U E S T I O N S
B L O G
© 2021 Cl o u d Si gma AG