Skip to content
This repository was archived by the owner on Jun 15, 2023. It is now read-only.

Split DB Access section into two #2

Merged
merged 2 commits into from
Mar 7, 2018
Merged

Split DB Access section into two #2

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f300da4
Divide section about connection and privileges
Mar 6, 2018
0daedbf
Update TOC
Mar 6, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 8 additions & 2 deletions doc_source/Appendix.PostgreSQL.CommonDBATasks.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ For information about working with PostgreSQL log files on Amazon RDS, see [Post

+ [Creating Roles](#Appendix.PostgreSQL.CommonDBATasks.Roles)
+ [Managing PostgreSQL Database Access](#Appendix.PostgreSQL.CommonDBATasks.Access)
+ [Setting PostgreSQL Database Privileges](#Appendix.PostgreSQL.CommonDBATasks.Privileges)
+ [Working with PostgreSQL Parameters](#Appendix.PostgreSQL.CommonDBATasks.Parameters)
+ [Working with PostgreSQL Autovacuum on Amazon RDS](#Appendix.PostgreSQL.CommonDBATasks.Autovacuum)
+ [Audit Logging for a PostgreSQL DB Instance](#Appendix.PostgreSQL.CommonDBATasks.Auditing)
Expand All @@ -32,6 +33,10 @@ GRANT ROLE

## Managing PostgreSQL Database Access<a name="Appendix.PostgreSQL.CommonDBATasks.Access"></a>

On a local instance, you can specify different access methods in the pg\_hba\.conf file\. However, changes to the pg\_hba\.conf file require operating system access, so you cannot edit the pg\_hba\.conf in Amazon RDS\. Therefore the only allowed authentication method is `md5`, meaning password authentication\. To avoid sending unencrypted passwords, cosider [setting up SSL](CHAP_PostgreSQL.md#PostgreSQL.Concepts.General.SSL) for your database connections\.

## Setting PostgreSQL Database Privileges<a name="Appendix.PostgreSQL.CommonDBATasks.Privileges"></a>

By default, when PostgreSQL database objects are created, they receive "public" access privileges\. You can revoke all privileges to a database and then explicitly add privileges back as you need them\.

As the master user, you can remove all privileges from a database using the following command format\.
Expand All @@ -48,7 +53,8 @@ grant connect on database test to mytestuser;
GRANT
```

On a local instance, you can specify database privileges in the pg\_hba\.conf file\. However, when using PostgreSQL with Amazon RDS it is better to restrict privileges at the PostgreSQL level\. Changes to the pg\_hba\.conf file require a server restart so you cannot edit the pg\_hba\.conf in Amazon RDS, but privilege changes at the PostgreSQL level occur immediately\.
For more details, please consult the official PostgreSQL documentation on the [`GRANT`](https://www.postgresql.org/docs/current/static/sql-grant.html) command\.


## Working with PostgreSQL Parameters<a name="Appendix.PostgreSQL.CommonDBATasks.Parameters"></a>

Expand Down Expand Up @@ -954,4 +960,4 @@ If you want to enable `orafce` on a different database in the same instance, use
ALTER SCHEMA oracle OWNER TO rds_superuser;
```
**Note**
If you want to see the list of owners for the oracle schema, use the `\dn` psql command\.
If you want to see the list of owners for the oracle schema, use the `\dn` psql command\.