While the privilege information can be read from the pg_class table just like any other table in PostgreSQL, for the purposes of manipulating it, you would not want to have to construct cumbersome arrays to update those values. Instead, PostgreSQL supports several SQL commands that you can use to add, update, and drop users, groups, and the various privileges those users might need.
Working with PostgreSQL Users
PostgreSQL gives us several SQL-level commands to create users and groups, thus defining their roles within the database system: CREATE USER, ALTER USER, and DROP USER for manipulating users, and CREATE GROUP, ALTER GROUP, and DROP GROUP for manipulating groups.
658 CHAPTER 29 ■ SECURING POSTGRESQL
Adding New Users
Adding new users to PostgreSQL is accomplished through the CREATE USER command. The CREATE USER command has the following syntax:
CREATE USER username [ WITH
      SYSID uid
    | CREATEDB | NOCREATEDB
    | CREATEUSER | NOCREATEUSER
    | IN GROUP groupname [, ...]
    | [ ENCRYPTED | UNENCRYPTED ] PASSWORD 'password'
    | VALID UNTIL 'abstime' ]
The recommended practice is to leave the SYSID field blank, so that it will be autogenerated for you. The CREATEDB option allows the user to create and drop databases; by default, users do not get this privilege. Specifying the CREATEUSER option creates the user as an administrative-level account, allowing them to add and remove other users from the system; again, the default is to not give this privilege. You can also add the user to any groups you might have in the database, via the IN GROUP parameter. Of course, you will normally want to store a password for each user as well. Finally, the VALID UNTIL clause allows you to specify a time at which the account will expire automatically and disallow further logins.
As an example, we might create the following user howard, who has permissions to create new databases, and will be able to log in until the end of the year:
CREATE USER howard WITH PASSWORD 'T3rc35' CREATEDB VALID UNTIL '2005-12-31';
Manipulating Users
To modify the attributes of a user, we use the ALTER USER command. Its syntax looks like:
ALTER USER username [ WITH
      CREATEDB | NOCREATEDB
    | CREATEUSER | NOCREATEUSER
    | [ ENCRYPTED | UNENCRYPTED ] PASSWORD 'password'
    | VALID UNTIL 'abstime' ]
The parameters to the ALTER USER command follow the same definitions as those of the CREATE USER command. For example, if we wanted to modify our previous user to remove the create database privileges, it would look like this:
ALTER USER howard NOCREATEDB;
Sometimes you may need to change the user’s name, in which case an alternate syntax is provided:
ALTER USER name RENAME TO newname
Removing Users
To remove a user, we use the DROP USER command. Its syntax is very straightforward:
DROP USER username
The DROP USER command eliminates the user from any and all databases within a cluster.
If the user owns a database, an error will be raised and the user will not be deleted. The same is not true of other objects within a database, though. Dropping the user will leave any such objects within the database intact. However, you might end up with permission issues in the future should you need to manipulate the object in some way that requires you to be the object’s owner.
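One way to handle the ownership problem described above is to check what a user owns before dropping the account and to look for orphaned objects afterward. The following is an added example, not from the book; it assumes the pre-8.1 user catalogs this chapter covers, the pg_user system view, a second existing user named rob, and a hypothetical table named invoices owned by howard.

```sql
-- Added example. Run in every database of the cluster: pg_class is
-- per-database, while users are cluster-wide.

-- 1. List the tables, views, sequences and indexes that howard owns.
SELECT n.nspname AS schema_name,
       c.relname AS object_name,
       c.relkind AS kind      -- r = table, v = view, S = sequence, i = index
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
JOIN pg_user u      ON u.usesysid = c.relowner
WHERE u.usename = 'howard'
ORDER BY n.nspname, c.relname;

-- 2. Hand each object to a surviving account before the drop.
--    "invoices" is a hypothetical table name; repeat per object from step 1.
ALTER TABLE invoices OWNER TO rob;

-- 3. Remove the account.
DROP USER howard;

-- 4. Detect objects left behind by accounts that were dropped earlier:
--    their owner ID no longer matches any existing user.
SELECT n.nspname  AS schema_name,
       c.relname  AS object_name,
       c.relkind  AS kind,
       c.relowner AS missing_sysid
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
LEFT JOIN pg_user u ON u.usesysid = c.relowner
WHERE u.usesysid IS NULL
ORDER BY c.relowner, n.nspname, c.relname;
```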
Working with PostgreSQL Groups
While PostgreSQL’s user system is flexible, it isn’t always the most convenient system to work with when you are dealing with a large number of users and privileges. To help ease this task, PostgreSQL also provides a group system, similar to the group concept used in many operating systems. With groups, you can assign a number of users to a group, set permissions at the group level, and then manipulate these privileges for all users in a single go.
Adding Groups
Adding new groups to PostgreSQL is accomplished through the CREATE GROUP command, which has the following syntax:
CREATE GROUP groupname [ [ WITH ]
      SYSID gid
    | USER username [, ...] ]
As with the CREATE USER command, the recommended practice is to leave the SYSID option blank so that it will be auto-generated. The USER field, which is optional, can contain one or more users. For example, if we wanted to create a group for users with full access, the command would look like this:
CREATE GROUP fullaccess WITH USER howard, rob;
Manipulating Groups
When creating a group, it may not always be feasible to add all users to it at that time. We may be unsure of which users need to be members of a group, and over time new users will be added into the database after our group is created. Conversely, we will also need to remove users from groups as our database evolves. To accomplish these tasks, we use the ALTER GROUP command:
ALTER GROUP groupname ADD USER username [,...]
ALTER GROUP groupname DROP USER username [,...]
There is also a form of the ALTER GROUP command for renaming groups:
ALTER GROUP groupname RENAME TO newgroupname
In all cases, these ALTER GROUP commands can be executed only by a database superuser.
Deleting Groups
To remove a group, we use the DROP GROUP command:
DROP GROUP groupname
DROP GROUP removes the named group, although any users contained within the group will remain.
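The user and group commands above leave their results in the system catalogs, which makes a periodic least-privilege review straightforward. The queries below are an added example, not from the book; they assume the pre-8.1 pg_user, pg_group and pg_shadow catalogs, where CREATEUSER appears as usesuper and ENCRYPTED passwords are stored with an md5 prefix.

```sql
-- Added example: review of accounts, attributes and group membership.

-- 1. Every user with its attributes and the groups it belongs to.
--    Users that belong to no group appear once with a NULL groname.
SELECT u.usename,
       u.usecreatedb,
       u.usesuper,
       u.valuntil,
       g.groname
FROM pg_user u
LEFT JOIN pg_group g ON u.usesysid = ANY (g.grolist)
ORDER BY u.usename, g.groname;

-- 2. Accounts that can create databases or other users and have no
--    expiry set with VALID UNTIL.
SELECT usename, usecreatedb, usesuper
FROM pg_user
WHERE (usecreatedb OR usesuper)
  AND (valuntil IS NULL OR valuntil = 'infinity');

-- 3. Groups that no longer have any members, for example after their
--    users were removed.
SELECT groname
FROM pg_group
WHERE grolist IS NULL
   OR array_upper(grolist, 1) IS NULL;

-- 4. Accounts whose password was stored UNENCRYPTED.
--    pg_shadow is readable by superusers only.
SELECT usename
FROM pg_shadow
WHERE passwd IS NOT NULL
  AND passwd NOT LIKE 'md5%';
```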
■ Note PostgreSQL 8.1 will introduce role support, based on the outline found in the SQL standards. Role support will further expand on the USER and GROUP feature set, and promises to be a powerful addition to the PostgreSQL toolset. In some scenarios, using roles will be preferred over the current user and group functions; however, the current user and group functions will remain, so don’t be worried that you will have to adjust for a whole new set of commands right away. Still, you’ll want to check out the online documentation once 8.1 is released.
The GRANT and REVOKE Commands
Once users have been created within the system, the task of adding or removing privileges requires use of the GRANT and REVOKE commands. Since privileges are set at the object level, this allows for a high level of granularity for each user in the database. In this section, we take a look at the GRANT and REVOKE commands in detail and walk through a number of examples demonstrating their usage.