Versions Compared

Old Version 8

changes.mady.by.user eric revollo

Saved on

compared with

New Version Current

changes.mady.by.user eric revollo

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Create the RED Scheduler user role and provide grants.
    Code Block
    languagesql
    CREATE ROLE redscheduler_role NOLOGIN ADMIN postgres;
GRANT USAGE ON SCHEMA red TO redscheduler_role;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA red TO redscheduler_role;
GRANT EXECUTE ON ALL PROCEDURES IN SCHEMA red TO redscheduler_role;
    We can potentially grant "INSERT, UPDATE, DELETE" to only the ws_wrk tables here, but we still need select on the rest. 
    Code Block
    languagesql
    GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA red TO redscheduler_role;
    Grant redscheduler_role select access to the redadmin schema 
    Code Block
    languagesql
    GRANT USAGE ON SCHEMA redadmin TO redscheduler_role;
GRANT SELECT ON ALL TABLES IN SCHEMA redadmin TO redscheduler_role;
  2. Create the RED scheduler user and grant the RED Scheduler role
    Code Block
    languagesql
    CREATE USER redscheduler_user WITH PASSWORD 'redscheduler_pass';
GRANT redscheduler_role to redscheduler_user;
  3. [OPTIONALLY] Optionally, create the RED Scheduler Profile Role and User, or just use the redadmin_user for Profile maintenance 
    Code Block
    languagesql
    CREATE ROLE redschedulerprofile_role NOLOGIN ADMIN postgres;
    RED Grant 'red' schema permissions
     -- You must run these GRANT's after connecting to the repo database, in psql run: '\c redrepo_db' to connect to the repo db
    GRANT USAGE ON SCHEMA red TO redschedulerprofile_role;
    GRANT SELECT ON ALL TABLES IN SCHEMA red TO redschedulerprofile_role;
      -- RED 'redadmin' schema permissions
    GRANT USAGE ON SCHEMA redadmin TO redschedulerprofile_role;
    GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA redadmin TO redschedulerprofile_role;
      -- Create a RED profile admin user and grant the user role
    CREATE USER redschedulerprofile_user WITH PASSWORD 'red_pass';
    GRANT redschedulerprofile_role to redschedulerprofile_user;.
    Code Block
    languagesql

...

...

  1. GRANT

...

  1.

...

  1. USAGE

...

  1.

...

  1. ON

...

  1.  SCHEMA red

...

  1.  TO

...

  1. redschedulerprofile_role

...

  1. ;

...

  1. GRANT

...

  1.

...

  1. SELECT ON ALL TABLES IN SCHEMA red TO redschedulerprofile_role;

...

  1. Grant 'redadmin' 
...
  1.  schema 
...
  1. permissions
     Code Block
    languagesql
    GRANT USAGE ON SCHEMA redadmin TO redschedulerprofile_role;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA redadmin TO redschedulerprofile_role;
...
  1. Create a RED profile admin user and grant the user role
     Code Block
    languagesql
    CREATE USER redschedulerprofile_user WITH PASSWORD 'red_pass';
GRANT redschedulerprofile_role to redschedulerprofile_user;
...
Create 
...
an Azkaban User role and user in PostgreSQL
...
languagesql
titleCreate Azkaban Role and User
collapsetrue
...
 This section assumes you have already created the Azkaban Metadata using the admin user.
...
  1. Create the Azkaban metadata user role and provide grants to the Azkaban metadata objects in schema 'white'
     Code Block
    languagesql
  1. CREATE ROLE azkabanmeta_role NOLOGIN ADMIN postgres;

...
  1. GRANT USAGE ON SCHEMA white TO azkabanmeta_role;
GRANT USAGE ON ALL SEQUENCES IN SCHEMA white TO azkabanmeta_role;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA white TO azkabanmeta_role;
GRANT EXECUTE ON ALL PROCEDURES IN SCHEMA white TO azkabanmeta_role;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA white TO azkabanmeta_role;
...
  2. Create an Azkaban meta user and grant the user role
     Code Block
    languagesql
    CREATE USER azkabanmeta_user 
Examples
...
languagesql
titleFull Metadata User Setup Example
collapsetrue
...
  1. WITH PASSWORD 'azkabanmeta_pass';
GRANT azkabanmeta_role to azkabanmeta_user;
...
Adding Azkaban Users
If you require additional users for the Azkaban dashboard or API, other than the default users, you can add them following this process:
...
 Code Block
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<azkaban-users>
  <role name="admin" permissions="ADMIN"/>
  <role name="read" permissions="READ"/>
  <role name="executor" permissions="EXECUTE"/>
  <user username="admin" password="admin" roles="admin"/>
  <user username="readonly" password="readonly" roles="read"/>
  <user username="executor" password="executor" roles="executor,read"/>
</azkaban-users><azkaban-users/>
 Note
titleNote
When entering the passwords they must follow the same password encryption settings configured on Azkaban, for more information refer to the Password Encryption in Azkaban section in RED Scheduler Configuration.

The possible role permissions are the following:
...