Skip to main content
HashnodeHashNotes

Command Palette

Search for a command to run...

Understanding and Practicing PostgreSQL Login/Group Roles in pgAdmin

Published
3 min read
M
Mohamad Mahmood

Mohamad's interest is in Programming (Mobile, Web, Database and Machine Learning). He is studying at the Center For Artificial Intelligence Technology (CAIT), Universiti Kebangsaan Malaysia (UKM).

PostgreSQL provides a robust role-based access control mechanism for managing database permissions. In this tutorial, you’ll learn about Login/Group Roles in PostgreSQL using pgAdmin, understand their purpose, and practice creating and managing these roles.

What Are Login/Group Roles?

Roles in PostgreSQL are entities that manage:

  • Authentication: Roles with login privileges can access the database.

  • Permissions: Roles define what a user can do (e.g., read, write, execute).

  • Group Management: Group roles allow multiple users to share permissions.

Prerequisites

  1. pgAdmin installed and connected to a PostgreSQL server.

  2. Access to a database with sufficient privileges (e.g., postgres user).

Overview of Key Roles

The list provided shows common predefined PostgreSQL roles:

  1. pg_checkpoint: Allows initiating a checkpoint in the database.

  2. pg_create_subscription: Grants permission to create subscriptions for logical replication.

  3. pg_database_owner: Role specific to ownership of databases.

  4. pg_execute_server_program: Enables execution of server-side programs.

  5. pg_maintain: Grants privileges for maintenance tasks.

  6. pg_monitor: Allows viewing statistics and monitoring data.

  7. pg_read_all_data: Grants read access to all tables in the database.

  8. pg_write_all_data: Grants write access to all tables in the database.

Step-by-Step Guide to Understanding and Practicing Roles

1. Viewing Roles in pgAdmin

  1. Open pgAdmin.

  2. Navigate to the Login/Group Roles section in your PostgreSQL instance.

  3. Right-click on a role (e.g., pg_monitor) and select Properties to view its details.

Task: Analyze Predefined Roles

  • Look at the Privileges, Membership, and Settings for each predefined role.

  • Note which roles can:

    • Login to the database.

    • Perform specific administrative tasks (e.g., checkpointing or monitoring).

2. Creating a New Role

Task: Create a Login Role

  1. Right-click on Login/Group Roles > Create > Login/Group Role.

  2. Fill in the General tab:

    • Role Name: app_user

    • Password: Set a secure password.

    • Check Can login.

  3. Set privileges in the Privileges tab (e.g., CONNECT, SELECT).

  4. Save the role.

Task: Create a Group Role

  1. Right-click on Login/Group Roles > Create > Login/Group Role.

  2. Fill in the General tab:

    • Role Name: app_team

    • Leave Can login unchecked.

  3. Assign members in the Members tab.

    • Add the app_user role as a member.

3. Granting Permissions to Roles

Task: Assign Privileges

  1. Right-click on a database or table > Grant Wizard.

  2. Select the app_user role and grant:

    • CONNECT permission on the database.

    • SELECT permission on a table.

4. Practicing Role Management

Scenario: Role Inheritance

  1. Create a group role data_analysts with SELECT permission on a table.

  2. Add multiple user roles (e.g., analyst1, analyst2) as members.

  3. Test if analyst1 can query the table.

-- Granting permissions
GRANT SELECT ON TABLE my_table TO data_analysts;

-- Testing with analyst1
SET ROLE analyst1;
SELECT * FROM my_table;

Scenario: Revoking Permissions

  1. Revoke the SELECT permission from data_analysts.

  2. Confirm analyst1 can no longer query the table.

REVOKE SELECT ON TABLE my_table FROM data_analysts;

5. Exploring Predefined Roles

Task: Use Monitoring Roles

  1. Assign pg_monitor to a user role.

  2. View monitoring information by querying statistics.

SELECT * FROM pg_stat_activity;

Task: Test Maintenance Roles

  1. Assign pg_maintain to a user.

  2. Perform maintenance tasks like vacuuming.

VACUUM ANALYZE my_table;

Best Practices

  1. Use Group Roles: Assign permissions at the group level and add users as members.

  2. Minimize Privileges: Grant only necessary permissions to reduce security risks.

  3. Monitor Activity: Use roles like pg_monitor to keep track of database activity.

Challenge

Design a role hierarchy:

  1. Create three roles:

    • admin: Full privileges.

    • editor: Can modify data.

    • viewer: Can only read data.

  2. Test the hierarchy by assigning permissions to sample tables.

This tutorial offers a hands-on approach to understanding Login/Group Roles in PostgreSQL using pgAdmin.

#postgresql
25 views

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

HashNotes

348 posts