From 487ad1e27cf90c02a32bfb95bcf14fb2d75f2976 Mon Sep 17 00:00:00 2001 From: Dominik Moritz Date: Tue, 9 Oct 2012 20:40:36 +0100 Subject: [PATCH] Improved the overall script and fixed the grant permissions stuff --- ckanext/datastore/bin/set_permissions.sql | 12 ++++++------ ckanext/datastore/commands.py | 3 +-- doc/datastore.rst | 8 +++++--- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/ckanext/datastore/bin/set_permissions.sql b/ckanext/datastore/bin/set_permissions.sql index 08206449a3e..1bbc06d203f 100644 --- a/ckanext/datastore/bin/set_permissions.sql +++ b/ckanext/datastore/bin/set_permissions.sql @@ -14,15 +14,15 @@ To run the script, execute: */ -- name of the main CKAN database -\set maindb "{ckandb}" +\set maindb '{ckandb}' -- the name of the datastore database \set datastoredb '{datastoredb}' -- username of the ckan postgres user -\set ckanuser '{ckanuser}' +\set ckanuser "{ckanuser}" -- username of the datastore user that can write -\set wuser '{writeuser}' +\set wuser "{writeuser}" -- username of the datastore user who has only read permissions -\set rouser '{readonlyuser}' +\set rouser "{readonlyuser}" -- revoke permissions for the read-only user ---- this step can be ommitted if the datastore not @@ -33,8 +33,8 @@ REVOKE USAGE ON SCHEMA public FROM PUBLIC; GRANT CREATE ON SCHEMA public TO :ckanuser; GRANT USAGE ON SCHEMA public TO :ckanuser; -GRANT CREATE ON SCHEMA public TO :ckanuser; -GRANT USAGE ON SCHEMA public TO :ckanuser; +GRANT CREATE ON SCHEMA public TO :wuser; +GRANT USAGE ON SCHEMA public TO :wuser; -- take connect permissions from main CKAN db ---- again, this can be ommited if the read-only user can never have diff --git a/ckanext/datastore/commands.py b/ckanext/datastore/commands.py index 3cc4a402022..364e163eddb 100644 --- a/ckanext/datastore/commands.py +++ b/ckanext/datastore/commands.py 
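Review bot: The role-name variables in the `\set` block of set_permissions.sql are now wrapped in literal double quotes around a templated placeholder (`\set ckanuser "{ckanuser}"`, likewise `wuser` and `rouser`), so a configured name that itself contains a `"` would end the quoted identifier early and change the `GRANT ... TO :ckanuser` and `TO :wuser` statements in the second hunk, in a script that is run with database superuser rights. The placeholders appear to be filled from the CKAN database URLs by `setup.set_permissions`, which is not in this diff, so either double any `"` there before substitution or keep `\set ckanuser '{ckanuser}'` and reference the variable as `:"ckanuser"`, which lets psql 9.0 and later do the identifier quoting. `maindb` moves the other way and, like `datastoredb`, will presumably be expanded as an unquoted identifier, so a database name with upper-case letters or a hyphen would be case-folded or rejected; the `:"maindb"` form would cover that as well. A short comment above the `\set` block saying why user names and database names are quoted differently would help the next reader.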
@@ -49,11 +49,10 @@ def command(self): if len(self.args) != 2: print self.usage return - self.sql_superuser = self.args[1] if cmd == 'set-permissions': setup.set_permissions( - pguser=self.sql_superuser, + pguser=self.args[1], ckandb=self.db_ckan_url_parts['db_name'], datastoredb=self.db_write_url_parts['db_name'], ckanuser=self.db_ckan_url_parts['db_user'], diff --git a/doc/datastore.rst b/doc/datastore.rst index 9d61d8fb336..e9bb3bb5faa 100644 --- a/doc/datastore.rst +++ b/doc/datastore.rst @@ -6,7 +6,7 @@ The CKAN DataStore provides a database for structured storage of data together with a powerful Web-accessible Data API, all seamlessly integrated into the CKAN interface and authorization system. -.. note:: The DataStore requires PostgreSQL 9.0 or later. It is possible to use the DataStore on verions prior to 9.0 (for example 8.4). However, the :ref:`datastore_search_sql` will not be available and the set-up is slightly different. See :ref:`old_pg` for mroe details. +.. note:: The DataStore requires PostgreSQL 9.0 or later. It is possible to use the DataStore on verions prior to 9.0 (for example 8.4). However, the :ref:`datastore_search_sql` will not be available and the set-up is slightly different. Make sure, you read :ref:`old_pg` for more details. .. warning:: The DataStore does not support hiding resources in a private dataset. @@ -48,6 +48,8 @@ A few things have to be kept in mind: Create users and databases ~~~~~~~~~~~~~~~~~~~~~~~~~~ +.. tip:: The write user does not have to be created since you can also use the CKAN user. However, this might not be possible if the CKAN database and the DataStore database are on different servers. We recommend that you use the same user for CKAN and the write datastore user if possible. + Create a write user called ``writeuser``, and enter pass for the password when prompted:: sudo -u postgres createuser -S -D -R -P -l writeuser 
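Review bot: With the `self.sql_superuser` assignment removed, `pguser=self.args[1]` hands the raw command-line argument to `setup.set_permissions`, and the only check before it is the argument count `len(self.args) != 2`. How `set_permissions` uses the value is outside this diff; if it ends up in a psql or `sudo -u` invocation, it should be passed as its own argument-list element rather than joined into a shell string, and a check here that it is a plain role name would fail early with the usage text. A named local such as `pguser = self.args[1]  # PostgreSQL superuser that runs the script` would also keep the meaning of the positional argument visible. The `command` method starts above the hunk and the keyword list of the call continues below it.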
@@ -77,12 +79,12 @@ Once the datastore database and the users are created, the permissions on the da To set the permissions, use this paster command after you've set the database urls:: - paster datastore create-all SQL_SUPER_USER + paster datastore set-permissions SQL_SUPER_USER 2. Use the **command line tool** in ``datastore/bin/datastore_setup.py`` -.. note:: This option should be used if the ckan server is different from the database server. +.. note:: This option should be used if the CKAN server is different from the database server. Copy the content from the ``datastore/bin/`` directory to the database server. Then run the command line tool to set the permissions on the database. To see all available options, run::