Versions Compared

Old Version 4

changes.mady.by.user Morgan Mackeson-Ellis

Saved on

compared with

New Version 5

changes.mady.by.user Morgan Mackeson-Ellis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents
maxLevel2

Supported PostgreSQL versions

WhereScape RED and WhereScape Azkaban support PostgreSQL-compatible databases from PostgreSQL version 12 to version 16.

...

Metadata Schema Names

RED creates its metadata on schemas named ‘red’ and 'redadmin'. WhereScape Azkaban creates its metadata on a schema named ‘white’.

Warning
Database names for RED and WhereScape Azkaban metadata must be created in lowercase and not contain any special characters which would require surrounding in quotes (“”) in SQL queries. 

Users and

...

Permissions

RED Users

Normal users and deployment users of RED require the following grants on the metadata database schema 'red':

...

  • CREATE on the database to create the ‘white’ schema and the Azkaban metadata objects.

...

Step by Step Database Setup Guide

Note: if you have already created a RED metadata repository then go directly to step 54.

1. Create a database, admin role and admin user in PostgreSQL

Code Block
languagesql
collapsetrue
-- Create an admin role, database and grant create
CREATE ROLE redadmin_role NOLOGIN ADMIN postgres;
CREATE DATABASE redrepo_db;
GRANT CREATE ON DATABASE redrepo_db to redadmin_role;

Create an your RED admin user:

Code Block
languagesql
collapsetrue
-- Create the admin user
CREATE USER redadmin_user WITH PASSWORD 'mypass';
GRANT redadmin_role to redadmin_user;

...

It is important to make sure you have completed step 4 prior to running the following user grants.

Code Block
languagesql
collapsetrue
-- Note this set of statements assumes you have already created
--  the RED Metadata using the admin user.
-- Create the RED user role and give grants to the metadata objects
CREATE ROLE reduser_role NOLOGIN ADMIN postgres;
GRANT USAGE ON SCHEMA red TO reduser_role;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA red TO reduser_role;
GRANT EXECUTE ON ALL PROCEDURES IN SCHEMA red TO reduser_role;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA red TO reduser_role;
Tip
For each developer user of RED create an individual PostgreSQL user for them.
Code Block
languagesql
collapsetrue
-- Create a RED user and grant the user role
CREATE USER red_user WITH PASSWORD 'red_pass';
GRANT reduser_role to red_user;

...

It is important to make sure you have completed step 4 prior to running the following user grants.

Code Block
languagesql
collapsetrue
-- Note this set of statements assumes you have already created
--  the RED Metadata using the admin user.
-- Create the RED Scheduler user role and give grants to the metadata objects
CREATE ROLE redscheduler_role NOLOGIN ADMIN postgres;
-- RED 'red' schema permissions
GRANT USAGE ON SCHEMA red TO redscheduler_role;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA red TO redscheduler_role;
GRANT EXECUTE ON ALL PROCEDURES IN SCHEMA red TO redscheduler_role;
  -- We can potentially grant "INSERT, UPDATE, DELETE" to only the ws_wrk tables here, but we still need select on the rest
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA red TO redscheduler_role;
  -- Grant redscheduler_role select access to the redadmin schema
GRANT USAGE ON SCHEMA redadmin TO redscheduler_role;
GRANT SELECT ON ALL TABLES IN SCHEMA redadmin TO redscheduler_role;

-- Create the RED scheduler user and grant the RED Scheduler role
CREATE USER redscheduler_user WITH PASSWORD 'redscheduler_pass';
GRANT redscheduler_role to redscheduler_user;

-- [OPTIONALLY] create the RED Scheduler Profile Role and User, or just use the redadmin_user for Profile maintenance 
CREATE ROLE redschedulerprofile_role NOLOGIN ADMIN postgres;
  -- RED 'red' schema permissions
GRANT USAGE ON SCHEMA red TO redschedulerprofile_role;
GRANT SELECT ON ALL TABLES IN SCHEMA red TO redschedulerprofile_role;
  -- RED 'redadmin' schema permissions
GRANT USAGE ON SCHEMA redadmin TO redschedulerprofile_role;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA redadmin TO redschedulerprofile_role;
  -- Create a RED profile admin user and grant the user role
CREATE USER redschedulerprofile_user WITH PASSWORD 'red_pass';
GRANT redschedulerprofile_role to redschedulerprofile_user;

6. Create a Azkaban User role and user in PostgreSQL

Code Block
languagesql
collapsetrue
-- Note this set of statements assumes you have already created
--  the Azkaban Metadata using the redadmin_user.

-- Create the Azkaban metadata user role and give grants to the Azkaban metadata objects in schema 'white'
CREATE ROLE azkabanmeta_role NOLOGIN ADMIN postgres;
  -- Azkaban 'white' schema permissions
GRANT USAGE ON SCHEMA white TO azkabanmeta_role;
GRANT USAGE ON ALL SEQUENCES IN SCHEMA white TO azkabanmeta_role;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA white TO azkabanmeta_role;
GRANT EXECUTE ON ALL PROCEDURES IN SCHEMA white TO azkabanmeta_role;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA white TO azkabanmeta_role;

-- Create a Azkaban meta user and grant the user role
CREATE USER azkabanmeta_user WITH PASSWORD 'azkabanmeta_pass';
GRANT azkabanmeta_role to azkabanmeta_user;

...