# ROLES AND ACCESS CONTROL

## A database role is an entity that contains information that define the role's privileges and interact with the client authentication system. Roles allow you to give different people (and often groups of people) that interact with your data different levels of access.

In [7]:
%reload_ext sql

In [8]:
%sql

 * postgresql://tati:***@localhost/dvdrental


### Imagine you founded a startup. You are about to hire a group of data scientists. You also hired someone named Marta who needs to be able to login to your database. You're also about to hire a database administrator. In this exercise, you will create these roles.

In [9]:
%sql CREATE ROLE data_scientist;

 * postgresql://tati:***@localhost/dvdrental
Done.


[]

In [10]:
%sql CREATE ROLE marta LOGIN;

 * postgresql://tati:***@localhost/dvdrental
Done.


[]

In [11]:
%sql CREATE ROLE admin WITH CREATEDB CREATEROLE;

 * postgresql://tati:***@localhost/dvdrental
Done.


[]

### Once roles are created, you grant them specific access control privileges on objects, like tables and views. Common privileges being SELECT, INSERT, UPDATE, etc.

In [12]:
# Grant data_scientist update and insert privileges on a specific view
%sql GRANT UPDATE, INSERT ON sales_by_store TO data_scientist;

 * postgresql://tati:***@localhost/dvdrental
Done.


[]

In [13]:
# Give Marta's role a password
%sql ALTER ROLE marta WITH PASSWORD 's3cur3p@ssw0rd';

 * postgresql://tati:***@localhost/dvdrental
Done.


[]

### There are two types of roles: user roles and group roles. By assigning a user role to a group role, a database administrator can add complicated levels of access to their databases with one simple command.

In [14]:
# Add Marta to the data scientist group
%sql GRANT data_scientist TO marta;

 * postgresql://tati:***@localhost/dvdrental
Done.


[]

In [15]:
# Remove Marta from the data scientist group
%sql REVOKE data_scientist FROM MARTA;

 * postgresql://tati:***@localhost/dvdrental
Done.


[]

# TABLE PARTITIONING

## Creating vertical partitions

### For vertical partitioning, there is no specific syntax in PostgreSQL. You have to create a new table with particular columns and copy the data there. Afterward, you can drop the columns you want in the separate partition. If you need to access the full table, you can do so by using a JOIN clause.

In [22]:
# Let's make vertical partition on address table and create separate table which will hold phone numbers
%sql CREATE TABLE phones (address_id INT, phone TEXT);

 * postgresql://tati:***@localhost/dvdrental
Done.


[]

In [23]:
# Let's copy phone numbers into new table
%sql INSERT INTO phones SELECT address_id, phone FROM address;

 * postgresql://tati:***@localhost/dvdrental
603 rows affected.


[]

In [25]:
%sql SELECT * FROM phones LIMIT 5;

 * postgresql://tati:***@localhost/dvdrental
5 rows affected.


address_id,phone
1,
2,
3,14033335568.0
4,6172235589.0
5,28303384290.0


In [None]:
# Drop phone numbers from the original table
%sql ALTER TABLE address DROP COLUMN phone;

In [31]:
# Join addresses and phones
%sql SELECT address_id, address, phones.phone FROM address JOIN phones USING(address_id) LIMIT 5;

 * postgresql://tati:***@localhost/dvdrental
5 rows affected.


address_id,address,phone
1,47 MySakila Drive,
2,28 MySQL Boulevard,
3,23 Workhaven Lane,14033335568.0
4,1411 Lillydale Drive,6172235589.0
5,1913 Hanoi Way,28303384290.0
