Course Content
Pre Introduction
0/9
How does a computer work?
00:00
Teams involved in IT project
Database Administration environment types
Types of Databases a DBA has to support
Further team classification in DBA team
Responsibilities of a DBA
Service level agreement
00:00
Common database related problems
What a Relational Database Is
Introduction
0/1
Brief history of PostgreSQL database
PostgreSQL Features
0/9
Object Relational Database Management System
00:00
PostgreSQL is open source
00:00
No License and a Large Community
Extensibility
DBaaS and JSON support
Scalability High-Availability Redundancy
PostgreSQL Forks and Data handling
What am I going to learn from here on
General Database Limits
PostgreSQL Architecture
0/8
How a connection is established in PostgreSQL
PostgreSQL Architecture Introduction
PostgreSQL Process Architecture
PostgreSQL Checkpointer process
Logger, Stats Collector and Autovacuum Process
Background Writer and WALWriter
PostgreSQL Memory Architecture
00:00
PostgreSQL Local Memory Architecture
ACID Properties and Query Processing
0/2
ACID Properties
The Path of a Query
PostgreSQL Installation
0/5
PostgreSQL Source code installation
PostgreSQL Yum Installation
PostgreSQL RPM Installation
Starting and Stopping the Server
PostgreSQL Database design
Physical Database Layout
0/4
PostgreSQL Page Layout
PostgreSQL WAL log files
PostgreSQL Control file
PostgreSQL Configuration and Authentication File
Logical Database Layout
0/5
PostgreSQL Tablespaces
00:00
PostgreSQL Databases
PostgreSQL Schemas
PostgreSQL Users and Roles
PostgreSQL Roles and Privileges
PostgreSQL Backup Methods
0/3
PostgreSQL Physical Backups
Pg Basebackup
PostgreSQL Logical Backups
PostgreSQL Replication
0/1
PostgreSQL Physical Replication
SQL Tuning
0/2
What is Explain plan
PostgreSQL Optimizer Stats
PostgreSQL Upgrade
0/1
PostgreSQL Upgrade
PostgreSQL Tutorial for Absolute Beginners [Administration]
About Lesson

=# GRANT INSERT ON mytable TO jsmith;
To revoke privileges, use the REVOKE command. For example:
=# REVOKE ALL PRIVILEGES ON mytable FROM jsmith;

Example.,
postgres=# \h alter role
Command: ALTER ROLE
Description: change a database role
Syntax:
ALTER ROLE role_specification [ WITH ] option [ … ]
where option can be:
SUPERUSER | NOSUPERUSER
| CREATEDB | NOCREATEDB
| CREATEROLE | NOCREATEROLE
| INHERIT | NOINHERIT
| LOGIN | NOLOGIN
| REPLICATION | NOREPLICATION
| BYPASSRLS | NOBYPASSRLS
| CONNECTION LIMIT connlimit
| [ ENCRYPTED ] PASSWORD ‘password’
| VALID UNTIL ‘timestamp’
ALTER ROLE name RENAME TO new_name
ALTER ROLE { role_specification | ALL } [ IN DATABASE database_name ] SET configuration_parameter { TO | = } { value | DEFAULT }
ALTER ROLE { role_specification | ALL } [ IN DATABASE database_name ] SET configuration_parameter FROM CURRENT
ALTER ROLE { role_specification | ALL } [ IN DATABASE database_name ] RESET configuration_parameter
ALTER ROLE { role_specification | ALL } [ IN DATABASE database_name ] RESET ALL
where role_specification can be:
role_name
| CURRENT_USER
| SESSION_USER
Default roles
postgres=# select rolname from pg_roles;
rolname
—————————
pg_monitor
pg_read_all_settings
pg_read_all_stats
pg_stat_scan_tables
pg_read_server_files
pg_write_server_files
pg_execute_server_program
pg_signal_backend

Demonstration
[postgres@jan01 ~]$ psql -U a_user -d a_db
psql (10.8)
Type “help” for help.
a_db=> select * from p_table;
name | sno
——+—–
A | 1
(1 row)

#create two users with name one_user, two_user
a_db=# create user one_user with password ‘one_user’;
CREATE ROLE
a_db=# create user two_user with password ‘two_user’;
CREATE ROLE
a_db=#
#create role one_two
a_db=# create role one_two ;
CREATE ROLE
#grant privileges to users
a_db=> grant connect on database a_db to one_two;
GRANT

a_db=> grant usage on schema a_user to one_two;
GRANT

a_db=> grant select on p_table to one_two;
GRANT
a_db=>
#give all required permissions to role instead of users..
a_db=# grant one_two to one_user;
GRANT ROLE

a_db=# grant one_two to two_user;
GRANT ROLE
a_db=#
Make changes or alter privileges
postgres=# alter role it VALID UNTIL ‘Dec 2, 2019 11:55:00’;
ALTER ROLE
postgres=# \q

[postgres@postgres05 ~]$ date
Mon Dec 2 23:54:29 IST 2019

[postgres@postgres05 ~]$ psql
psql (10.11)
Type “help” for help.

postgres=# \x
Expanded display is on.
postgres=# select * from pg_roles;

<OUTPUT TRUNCATED>
postgres=# \du
List of roles
Role name | Attributes | Member of
———–+————————————————————+———–
cse | Cannot login | {csit}
csit | | {}
it | Cannot login +| {csit}
| 3 connections +|
| Password valid until 2019-12-02 11:55:00+05:30 |
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}

postgres=# select grantee, privilege_type from information_schema.role_table_grants where table_name=’emp’;
grantee | privilege_type
————–+—————-
postgres | INSERT
postgres | SELECT
postgres | UPDATE
postgres | DELETE
postgres | TRUNCATE
postgres | REFERENCES
postgres | TRIGGER
logical_user | INSERT
logical_user | SELECT
logical_user | UPDATE
logical_user | DELETE
logical_user | TRUNCATE
logical_user | REFERENCES
logical_user | TRIGGER
(14 rows)

Further reading : https://medium.com/@zynpsnltrk/role-group-role-concepts-and-privilege-in-postgresql-8561150a7855
Further reading: https://info.crunchydata.com/blog/postgresql-defaults-and-impact-on-security-part-1
Further reading: https://info.crunchydata.com/blog/postgresql-defaults-and-impact-on-security-part-2
postgres=#
Note: There are some privileges are not inherited automatically and these are: LOGIN, SUPERUSER, CREATEDB, and CREATEROLE.

Previous
Next