On this site SQLDude talks about Application roles for MSSQL Server.
A more secure approach you could use for this is called "Application Roles". When connecting from an application you assume a particular role and only that role is granted privileges required in the database. So all apps connect via this mechanism and don’t give out SQL or NT logins for any unauthorised use. You will have to call sp_setapprole in your application with a password, once the connection is established. Once this call succeeds then the connection gets the privileges of the application role and loses privileges of the actual user, which is what we want. So if someone tried to connect to the database from SSMS or SQLCMD, they will access the DB using their credentials, which won’t have the required permissions on the tables, since only the application role has the rights on the tables. This is more secure & reliable approach, but one that requires application code change and as a DBA you will have to create the application role in SQL Server.
However i can't find the equivalent for PostgreSQL?
Is there something like this available in PostgreSQL?
Related
I have created a new sql account and assigned it dbmanager and loginmanager roles. It can be used to create new databases but I am not able to access the database afterwards with that user. When right clicking the new database to run a query, the login prompt apears and says that the security principal %user% can access the database under the current security context.
I am not able to alter or grant user any access to the DB now that I can't even run any queries.
The purpose here is that I have a powershell script that creates the databases and handles the automation under a spesific SQL user. What am I missing?
The login might lacks the necessary permissions to connect to the specified database. Logins that can connect to this instance of SQL Server but do not have particular database rights inherit the guest user's permissions. This is a security feature that prevents users from connecting to databases where they do not have permissions. When the guest user does not have CONNECT permission to the identified database and the trustworthy attribute is not set, this error message appears. When the guest user does not have CONNECT authorization to the listed database, this error message appears.
You can connect to the database in one of the following ways:
Grant the specific login access to the named database.
Grant the CONNECT permission to the database named in the error message for the guest user.
Enable the TRUSTWORTHY property on the database that has authenticated the user.
Please refer to the Microsoft Document for this error: MSSQLSERVER_916
I was practicing ont mongodb documentation : https://docs.mongodb.com/manual/tutorial/enable-authentication/
and I can't figure out if the "admin" database in the example is just a database created for the tutorial or if it is a built-in database made specifically for managing admin users.
Thanks in advance.
The main purpose of this admin database is to store system collections and user authentication and authorization data, which includes the administrator and user's usernames, passwords, and roles. Access is limited to only to administrators, who have the ability to create, update, and delete users and assign roles.
When you create a database in MongoDB you don’t have authentication enabled, the user has all the privileges and roles over that database, you even have access to the database remotely if the firewall doesn’t have port 27017 blocked.
There are two special databases admin and local, users of these databases can perform operations such as those mentioned in the document on other databases to which they have access. In a development environment it is convenient not to worry about users and passwords, however, when users interact with the database remotely on an application, it is essential to activate user authentication.
The admin database is built-in database. Apart from user authentication and authorization data it also includes Roles for administering the whole system rather than just a single database. These roles are mainly related to replica set and sharded cluster administrative functions.
Roles which are created in other database than admin can only include privileges that apply to its database and can only inherit from other roles in its database.
A role created in the admin database can include privileges that apply to any database or to the cluster resource, and can inherit from roles in other databases as well as the admin database.
I want to install an application (Odoo) that uses PostgreSQL, but it needs you create a superuser Role to allow the aplication process instalation create its own database. I just created an Azure PostgreSQL database (PaaS), but the user it creats is not a Superuser, and can't create a superuser role. Is there a way to get my admin user a Superuser?
To explain the users and roles a little better for Azure Database for PostgreSQL:
By default, when a server is created we have the following 3 roles defined, which you can also see when you run SELECT rolname FROM pg_roles; –
azure_pg_admin
azure_superuser
server admin login – the admin login the user created the server with – which by default is a member of azure_pg_admin.
Ours is a managed PaaS service and Microsoft is the azure_superuser. We don’t grant superuser privileges to the user.
With that as baseline, there is at least one role (user) at any given time that is part of azure_pg_admin group i.e. server admin login. This user can create databases, create custom roles and customize privileges, and create additional users that are member of azure_pg_admin. A user is either a part of this group or not. Any user outside this group will not have those privileges.
Hope that helps answer your question.
Saloni
When we postgres as service then we cannot be superuser but can enable extensions allowed
Azure console => Azure Database for PostgreSQL flexible server => => Server parameters => azure.extensions => => Save
I'm not a DBA and I have got some questions around access controls for schemas. Let's say I have a Postgres server running a several databases. The admin user is postgres. I have another user tmpUser with which I could log in to the remote server using pgadmin3 client.
I now create a database called myDatabase which is by default owned by the postgres user. I then use my admin client to remotely log in to this myDatabase using the tmpUser account.
I now create a new schema inside this myDatabase called myDbSchema. I created a new role called myDbRole and did a grant usage, grant all on myDatabase, myDbSchema to the myDbRole.
The question now is how should I control access to this myDatabase. I tried to log in to the remote server using the tmpUser and when I tried to execute select * from myTable where myTable is a table in myDatabase, it came back with a permission denied sql message. So I changed the owner of the table to the tmpUser which I really do not want to!
Is there a guide or something on how I should go about creating and organizing roles with schemas in postgres?
It is not entirely clear what your problem is (for instance, what is role "myDbRole" for, is that a group role (NOLOGIN) or a user role (LOGIN)?) but in general you could follow this pattern of permission management:
Create a specific role to own a database and all or most of the objects in it. This should be a group role (NOLOGIN) for security reasons. Do not use the postgres user; if you need to login as that role often to do regular database work, you are doing something wrong. Any superuser (or other user role that has that role granted to it) can "impersonate" that owner role using SET SESSION AUTHORIZATION to do necessary maintenance. In a production environment this should be hardly ever necessary; during development you might want to consider making the role with LOGIN permission for ease of use.
The owner creates all the schemas, tables, views, functions, etc. that you need for your application. By default, all of those objects are only available to the database owner, with the exception of functions.
Define a number of group role profiles, each having specific requirements of the database. You could have, for instance sales_staff, product_managers, accounting and senior_management for a company, or web_user, web_admin, app_developer and app_manager for a web site. The database owner then GRANTs access to the database (CONNECT), schemas (USAGE), tables, views and functions (EXECUTE), as needed. I usually REVOKE ALL ON FUNCTION x() TO public, for security reasons.
Assign group role membership to user roles, as needed: GRANT sales_staff TO jane. The user roles should have LOGIN INHERIT such that they can log in and inherit the permission of group roles that they are a member of. That includes the permission to connect to a database and usage rights on schemas. Note that a single user role can have membership in multiple group roles.
Lastly, update your pg_hba.conf file to enable remote access to the database.
I have the following code which connects to a database on my remote server (the connection script resides on the same server):
Database::$ErrorHandle = new PDO('pgsql:host=111.222.33.44;dbname=mydatabase;', 'postgres', 'mypassword', $db_settings);
The problem is I can change the password to be anything at all and the connection is still made! Like seriously what the hell!?!
Can my database be connected to (providing you know the IP and db name) by anyone from a PHP script running on a different server?
How can I enforce passwords, I have looked at the following stack overflow page and did what they said but still no luck:
How to change PostgreSQL user password?
I am running Ubuntu 12.04 server with PHP 5.5 and Apache2
Off course your postgresql database can be properly configured to only connect with authenticated users even certain users (Roles in Postgres) from certain IPs/sockets.
Some considerations:
Do you see data? Or can you just connect to the server? Can you list the databases?
Look at your pg_hba.conf and setup the proper permissions, per role per database per source
Did you grant access to the mydatabase to everyone? Which roles did you grant access?
Does the database have its tables in the public scheme? And granted access to the public?
Yes, with this configuration everyone who knows your IP and database name can connect to your database.