Follow these steps to create an admin user for installing the metadata.
- Create an admin role and grant permissions
```sql
-- Create an admin role and grant create
CREATE ROLE redadmin_role NOLOGIN ADMIN postgres;
GRANT CREATE ON DATABASE redrepo_db TO redadmin_role;
```
- Create a RED admin user
```sql
-- Create the admin user
CREATE USER redadmin_user WITH PASSWORD 'redadmin_pass';
GRANT redadmin_role TO redadmin_user;
```
Adding Users After Metadata Creation
This section assumes you have already created the RED Metadata using the admin user.
- Connect to the repo database. In psql run:
```
\c redrepo_db;
```
- Create the RED user role and provide grants to the metadata objects. You must run these GRANTs after connecting to the repo database.
```sql
CREATE ROLE reduser_role NOLOGIN ADMIN postgres;
GRANT USAGE ON SCHEMA red TO reduser_role;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA red TO reduser_role;
GRANT EXECUTE ON ALL PROCEDURES IN SCHEMA red TO reduser_role;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA red TO reduser_role;
```
Tip: For each developer user of RED, create an individual PostgreSQL user for them.
- Create a RED user and grant the user role.
```sql
CREATE USER red_user WITH PASSWORD 'red_pass';
GRANT reduser_role TO red_user;
```
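`GRANT ... ON ALL TABLES IN SCHEMA` only covers objects that exist when it runs, which is why these sections require the metadata to be created first. The following added example (not part of the original page) sets default privileges for objects created later and lists any tables `reduser_role` cannot read. It assumes `redadmin_user` is the role that creates objects in schema `red`.

```sql
-- Added example. Run in psql after \c redrepo_db, as redadmin_user or a superuser.
-- Assumption: redadmin_user creates (owns) the objects in schema red.

-- Objects that redadmin_user creates in schema red from now on
-- receive the same privileges as the one-off grants above.
ALTER DEFAULT PRIVILEGES FOR ROLE redadmin_user IN SCHEMA red
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO reduser_role;
ALTER DEFAULT PRIVILEGES FOR ROLE redadmin_user IN SCHEMA red
    GRANT EXECUTE ON ROUTINES TO reduser_role;

-- Show the default ACLs now registered for the schema.
-- defaclobjtype: r = tables, f = functions/procedures, S = sequences.
SELECT pg_get_userbyid(d.defaclrole) AS creator,
       n.nspname                     AS schema_name,
       d.defaclobjtype               AS object_type,
       d.defaclacl                   AS default_acl
FROM pg_default_acl d
JOIN pg_namespace n ON n.oid = d.defaclnamespace
WHERE n.nspname = 'red';

-- Gap check: tables in red that reduser_role cannot read.
-- Any rows here are tables created after the GRANT statements were run.
SELECT c.relname AS table_without_select
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'red'
  AND c.relkind IN ('r', 'p')
  AND NOT has_table_privilege('reduser_role', c.oid, 'SELECT')
ORDER BY c.relname;
```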
5. Create a RED Scheduler role and user in PostgreSQL
It is important to make sure you have completed step 4 prior to running the following user grants.
Add a RED Scheduler Role and User
This section assumes you have already created the RED Metadata using the admin user.
- Create the RED Scheduler user role and provide grants.
```sql
CREATE ROLE redscheduler_role NOLOGIN ADMIN postgres;
GRANT USAGE ON SCHEMA red TO redscheduler_role;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA red TO redscheduler_role;
GRANT EXECUTE ON ALL PROCEDURES IN SCHEMA red TO redscheduler_role;
```
We can potentially grant "INSERT, UPDATE, DELETE" to only the ws_wrk tables here, but we still need select on the rest.
```sql
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA red TO redscheduler_role;
```
Grant redscheduler_role select access to the redadmin schema
```sql
GRANT USAGE ON SCHEMA redadmin TO redscheduler_role;
GRANT SELECT ON ALL TABLES IN SCHEMA redadmin TO redscheduler_role;
```
- Create the RED scheduler user and grant the RED Scheduler role
```sql
CREATE USER redscheduler_user WITH PASSWORD 'redscheduler_pass';
GRANT redscheduler_role TO redscheduler_user;
```
- Optionally, create the RED Scheduler Profile Role and User, or just use the redadmin_user for Profile maintenance
```sql
CREATE ROLE redschedulerprofile_role NOLOGIN ADMIN postgres;
```
Grant 'red' schema permissions.
```sql
GRANT USAGE ON SCHEMA red TO redschedulerprofile_role;
GRANT SELECT ON ALL TABLES IN SCHEMA red TO redschedulerprofile_role;
```
Grant 'redadmin' schema permissions
```sql
GRANT USAGE ON SCHEMA redadmin TO redschedulerprofile_role;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA redadmin TO redschedulerprofile_role;
```
Create a RED profile admin user and grant the user role
```sql
CREATE USER redschedulerprofile_user WITH PASSWORD 'red_pass';
GRANT redschedulerprofile_role TO redschedulerprofile_user;
```
Create an Azkaban User role and user in PostgreSQL
This section assumes you have already created the Azkaban Metadata using the admin user.
- Create the Azkaban metadata user role and provide grants to the Azkaban metadata objects in schema 'white'
```sql
CREATE ROLE azkabanmeta_role NOLOGIN ADMIN postgres;
GRANT USAGE ON SCHEMA white TO azkabanmeta_role;
GRANT USAGE ON ALL SEQUENCES IN SCHEMA white TO azkabanmeta_role;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA white TO azkabanmeta_role;
GRANT EXECUTE ON ALL PROCEDURES IN SCHEMA white TO azkabanmeta_role;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA white TO azkabanmeta_role;
```
- Create an Azkaban meta user and grant the user role
```sql
CREATE USER azkabanmeta_user WITH PASSWORD 'azkabanmeta_pass';
GRANT azkabanmeta_role TO azkabanmeta_user;
```
Adding Azkaban Users
If you require additional users for the Azkaban dashboard or API, other than the default users, you can add them following this process:
...
```xml
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<azkaban-users>
  <role name="admin" permissions="ADMIN"/>
  <role name="read" permissions="READ"/>
  <role name="executor" permissions="EXECUTE"/>
  <user username="admin" password="admin" roles="admin"/>
  <user username="readonly" password="readonly" roles="read"/>
  <user username="executor" password="executor" roles="executor,read"/>
</azkaban-users>
```
Note: When entering the passwords, they must follow the same password encryption settings configured on Azkaban. For more information, refer to the Password Encryption in Azkaban section in RED Scheduler Configuration.
The possible role permissions are the following:
...