SlideShare a Scribd company logo

Centralising Authorisation in PostgreSQL

G
Gary Evans

The document discusses implementing centralized authorization in PostgreSQL by synchronizing user roles and privileges with an LDAP server. It provides a step-by-step approach to setting up LDAP authentication in PostgreSQL and using scripts to synchronize user roles and privileges between the database and LDAP based on group membership. The synchronization scripts create roles for each LDAP user, grant privileges to roles based on mapping rules, and handle role inheritance.

Data & Analytics
1 of 17
Download to read offline
Centralising Authorization in PostgreSQL Experimenting with LDAP synchronization
Structure of this talk…  A summary of my experience with implementing a simple form of Centralized Authorisation  A step by step approach
Authentication versus Authorisation PostgreSQL LDAP Authentication ldap ldapserver=servername.ad.company.au ldaptls=1 ldapbasedn="ou=AU,dc=ad,dc=company,dc=au" ldapbinddn="cn=Gary Evans,ou=consultant,ou=ThirdParty Contractors,ou=Users, ou=AU,dc=ad,dc=corelogic,dc=asia" ldapbindpasswd="<the password>" ldapsearchattribute=sAMAccountName
Benefits of a centralized approach  Single point of control of database users  Adding a user can be done by help desk  Less error prone
Synchronisation Approach StarOne DBROLES postgres Andrew Smith Bob Brown Jenny Reid Julie Benson privileges
Synchronisation Approach Server StarOne DBROLES postgres Andrew Smith Bob Brown Jenny Reid Julie Benson privileges ldapsearch -Z -LLL -h ldapservername -D gevans@ldapservername -w password -b dc=ad,dc=companyname,dc=aus '(&(objectClass=user)(memberOf=CN='"${ADRow[0]}"' ,OU=SQL,OU=Groups,OU=AU,DC=ad,DC=ccompany name,DC=aus))' sAMAccountName | sed -e 's/sAMAccountName: ([a-zA-Z]*)/1/;tx;d;:x'
Synchronisation Approach Database DB_Report DB_Admin DB_Analysts Andrew Smith Bob Brown Jenny Reid Andrew Smith Julie Benson Annette Huntly Paul Brown Andrew Smith Bob Brown Jenny Reid Members Groups ROLES postgres Andrew Smith Bob Brown Jenny Reid Julie Benson Annette Huntly Paul Brown AppOne DB StarOne DB
Synchronisation Approach Database DB_Report DB_Admin DB_Analysts Andrew Smith Bob Brown Jenny Reid Andrew Smith Julie Benson Annette Huntly Paul Brown Andrew Smith Bob Brown Jenny Reid Members Groups ROLES postgres Andrew Smith Bob Brown Jenny Reid Julie Benson Annette Huntly Paul Brown AppOne DB StarOne DB
Synchronisation Approach Database DB_Report DB_Admin DB_Analysts Andrew Smith Bob Brown Jenny Reid Andrew Smith Julie Benson Annette Huntly Paul Brown Andrew Smith Bob Brown Jenny Reid Server Members Groups ROLES postgres Andrew Smith Bob Brown Jenny Reid Julie Benson Annette Huntly Paul Brown AppOne DB StarOne DB ID Hostname Dbname ADGroup Dbrole Enabled CRUD 1 Serverone AppOne DB_Report Read_only True F,T,F,F 2 Serverone StarOne DB_Report Reporting True F,T,T,F 3 Serverone AppOne DB_Admin Admin_user True T,T,T,T 4 Serverone StarOne DB_Analysts Analyst True F,T,F,F 5
Synchronisation Approach Database DB_Report DB_Admin DB_Analysts Andrew Smith Bob Brown Jenny Reid Andrew Smith Julie Benson Annette Huntly Paul Brown Andrew Smith Bob Brown Jenny Reid Server Members Groups ROLES postgres Andrew Smith Bob Brown Jenny Reid Julie Benson Annette Huntly Paul Brown AppOne DB StarOne DB ID Hostname Dbname ADGroup Dbrole Enabled CRUD 1 Serverone AppOne DB_Report Read_only True F,T,F,F 2 Serverone StarOne DB_Report Reporting True F,T,T,F 3 Serverone AppOne DB_Admin Admin_user True T,T,T,T 4 Serverone StarOne DB_Analysts Analyst True F,T,F,F 5 ${PSQL} ${DBMONITOR//HOST/localhost}/schemaname -qtAX --field-separator ' ' -c "SELECT distinct adgroup FROM mapping WHERE enabled = true and hostname='${hostname}'" | while read -a ADRow ; do for adname in $(ldapsearch -Z -LLL -h ldapservername -D gevans@ldapservername -w password -b dc=ad,dc=companyname,dc=aus '(&(objectClass=user)(memberOf=CN='"${ADRow[0]}"',OU=SQL,OU=Groups,OU=AU,DC=ad,DC=companyna me,DC=aus))' sAMAccountName | sed -e 's/sAMAccountName: ([a-zA-Z]*)/1/;tx;d;:x') do ${PSQL} ${PGMONITOR//HOST/$hostname}/ schemaname -qtAX --field-separator ' ' -c "CREATE ROLE ${adname} with LOGIN;“ ${PSQL} ${PGMONITOR//HOST/localhost}/ schemaname -qtAX --field-separator ' ' -c "SELECT distinct dbrole FROM mapping where enabled = true and hostname='${hostname}'" and adgroup = '${adname}' | while read -a DBRRow ; do ${PSQL} ${PGMONITOR//HOST/$hostname}/performance -qtAX --field-separator ' ' -c "GRANT ${DBRRow} TO ${adname};" done
Synchronisation Approach Database DB_Report DB_Admin DB_Analysts Andrew Smith Bob Brown Jenny Reid Andrew Smith Julie Benson Annette Huntly Paul Brown Andrew Smith Bob Brown Jenny Reid Server Members Groups ROLES postgres Andrew Smith Bob Brown Jenny Reid Julie Benson Annette Huntly Paul Brown AppOne DB StarOne DB ID Hostname Dbname ADGroup Dbrole Enabled CRUD 1 Serverone AppOne DB_Report Read_only True F,T,F,F 2 Serverone StarOne DB_Report Reporting True F,T,T,F 3 Serverone AppOne DB_Admin Admin_user True T,T,T,T 4 Serverone StarOne DB_Analysts Analyst True F,T,F,F 5 ${PSQL} ${DBMONITOR//HOST/localhost}/schemaname -qtAX --field-separator ' ' -c "SELECT distinct adgroup FROM mapping WHERE enabled = true and hostname='${hostname}'" | while read -a ADRow ; do for adname in $(ldapsearch -Z -LLL -h ldapservername -D gevans@ldapservername -w password -b dc=ad,dc=companyname,dc=aus '(&(objectClass=user)(memberOf=CN='"${ADRow[0]}"',OU=SQL,OU=Groups,OU=AU,DC=ad,DC=ccompanyn ame,DC=aus))' sAMAccountName | sed -e 's/sAMAccountName: ([a-zA-Z]*)/1/;tx;d;:x') do ${PSQL} ${PGMONITOR//HOST/$hostname}/ schemaname -qtAX --field-separator ' ' -c "CREATE ROLE ${adname} with LOGIN;“ ${PSQL} ${PGMONITOR//HOST/localhost}/performance -qtAX --field-separator ' ' -c "SELECT distinct dbrole FROM mapping where enabled = true and hostname='${hostname}'" and adgroup = '${adname}' | while read -a DBRRow ; do ${PSQL} ${PGMONITOR//HOST/$hostname}/ schemaname -qtAX --field-separator ' ' -c "GRANT ${DBRRow} TO ${adname};" done
Synchronisation Approach Database DB_Report DB_Admin DB_Analysts Andrew Smith Bob Brown Jenny Reid Andrew Smith Julie Benson Annette Huntly Paul Brown Andrew Smith Bob Brown Jenny Reid Members Groups ROLES postgres Andrew Smith Bob Brown Jenny Reid Julie Benson Annette Huntly Paul Brown AppOne DB StarOne DB
Synchronisation Approach Database DB_Report DB_Admin DB_Analysts Andrew Smith Bob Brown Jenny Reid Andrew Smith Julie Benson Annette Huntly Paul Brown Andrew Smith Bob Brown Jenny Reid Members Groups ROLES Postgres (SU) appOneOwner (SU) StarOneOwner (SU) Andrew Smith Bob Brown Jenny Reid Julie Benson Annette Huntly Paul Brown AppOne DB StarOne DB Owner Owner
Synchronisation Approach Database DB_Report DB_Admin DB_Analysts Andrew Smith Bob Brown Jenny Reid Andrew Smith Julie Benson Annette Huntly Paul Brown Andrew Smith Bob Brown Jenny Reid Members Groups ROLES Postgres (SU) appOneOwner (SU) StarOneOwner (SU) DB_Report (NL) DB_Admin (NL) DB_Analysts (NL) Andrew Smith Bob Brown Jenny Reid Julie Benson Annette Huntly Paul Brown AppOne DB StarOne DB Owner Owner Role inheritance
Synchronisation Approach Database DB_Report DB_Admin DB_Analysts Andrew Smith Bob Brown Jenny Reid Andrew Smith Julie Benson Annette Huntly Paul Brown Andrew Smith Bob Brown Jenny Reid Members Groups ROLES Postgres (SU) appOneOwner (SU) StarOneOwner (SU) DB_Report (NL) DB_Admin (NL) DB_Analysts (NL) Andrew Smith Bob Brown Jenny Reid Julie Benson Annette Huntly Paul Brown AppOne DB StarOne DB Owner Owner Role inheritance
Synchronisation Approach Database DB_Report DB_Admin DB_Analysts Andrew Smith Bob Brown Jenny Reid Andrew Smith Julie Benson Annette Huntly Paul Brown Andrew Smith Bob Brown Jenny Reid Members Groups ROLES Postgres (SU) appOneOwner (SU) StarOneOwner (SU) DB_Report (NL) DB_Admin (NL) DB_Analysts (NL) Andrew Smith Bob Brown Jenny Reid Julie Benson Annette Huntly Paul Brown AppOne DB StarOne DB Owner Owner Role inheritance
Existing tool Pg-ldap-sync

Recommended

PGConf APAC 2018 - Lightening Talk #2 - Centralizing Authorization in PostgreSQL
PGConf APAC 2018 - Lightening Talk #2 - Centralizing Authorization in PostgreSQLPGConf APAC 2018 - Lightening Talk #2 - Centralizing Authorization in PostgreSQL
PGConf APAC 2018 - Lightening Talk #2 - Centralizing Authorization in PostgreSQLPGConf APAC
 
DBIx-DataModel v2.0 in detail
DBIx-DataModel v2.0 in detail DBIx-DataModel v2.0 in detail
DBIx-DataModel v2.0 in detail Laurent Dami
 
Temporary Cache Assistance (Transients API): WordCamp Phoenix 2014
Temporary Cache Assistance (Transients API): WordCamp Phoenix 2014Temporary Cache Assistance (Transients API): WordCamp Phoenix 2014
Temporary Cache Assistance (Transients API): WordCamp Phoenix 2014Cliff Seal
 
Doctrine 2
Doctrine 2Doctrine 2
Doctrine 2zfconfua
 
Drupal II: The SQL
Drupal II: The SQLDrupal II: The SQL
Drupal II: The SQLddiers
 
Spring data iii
Spring data iiiSpring data iii
Spring data iii명철 강
 
Bag Of Tricks From Iusethis
Bag Of Tricks From IusethisBag Of Tricks From Iusethis
Bag Of Tricks From IusethisMarcus Ramberg
 
Read, store and create xml and json
Read, store and create xml and jsonRead, store and create xml and json
Read, store and create xml and jsonKim Berg Hansen
 

Recommended

PGConf APAC 2018 - Lightening Talk #2 - Centralizing Authorization in PostgreSQL
PGConf APAC 2018 - Lightening Talk #2 - Centralizing Authorization in PostgreSQLPGConf APAC 2018 - Lightening Talk #2 - Centralizing Authorization in PostgreSQL
PGConf APAC 2018 - Lightening Talk #2 - Centralizing Authorization in PostgreSQLPGConf APAC
 
DBIx-DataModel v2.0 in detail
DBIx-DataModel v2.0 in detail DBIx-DataModel v2.0 in detail
DBIx-DataModel v2.0 in detail Laurent Dami
 
Temporary Cache Assistance (Transients API): WordCamp Phoenix 2014
Temporary Cache Assistance (Transients API): WordCamp Phoenix 2014Temporary Cache Assistance (Transients API): WordCamp Phoenix 2014
Temporary Cache Assistance (Transients API): WordCamp Phoenix 2014Cliff Seal
 
Doctrine 2
Doctrine 2Doctrine 2
Doctrine 2zfconfua
 
Drupal II: The SQL
Drupal II: The SQLDrupal II: The SQL
Drupal II: The SQLddiers
 
Spring data iii
Spring data iiiSpring data iii
Spring data iii명철 강
 
Bag Of Tricks From Iusethis
Bag Of Tricks From IusethisBag Of Tricks From Iusethis
Bag Of Tricks From IusethisMarcus Ramberg
 
Read, store and create xml and json
Read, store and create xml and jsonRead, store and create xml and json
Read, store and create xml and jsonKim Berg Hansen
 
FleetDB: A Schema-Free Database in Clojure
FleetDB: A Schema-Free Database in ClojureFleetDB: A Schema-Free Database in Clojure
FleetDB: A Schema-Free Database in ClojureMark McGranaghan
 
FleetDB A Schema-Free Database in Clojure
FleetDB A Schema-Free Database in ClojureFleetDB A Schema-Free Database in Clojure
FleetDB A Schema-Free Database in Clojureelliando dias
 
Service discovery and configuration provisioning
Service discovery and configuration provisioningService discovery and configuration provisioning
Service discovery and configuration provisioningSource Ministry
 
CodeIgniter Class Reference
CodeIgniter Class ReferenceCodeIgniter Class Reference
CodeIgniter Class ReferenceJamshid Hashimi
 
Advanced php testing in action
Advanced php testing in actionAdvanced php testing in action
Advanced php testing in actionJace Ju
 
Cloudera Impala, updated for v1.0
Cloudera Impala, updated for v1.0Cloudera Impala, updated for v1.0
Cloudera Impala, updated for v1.0Scott Leberknight
 
Doctrine fixtures
Doctrine fixturesDoctrine fixtures
Doctrine fixturesBill Chang
 
Event sourcing in the functional world (22 07-2021)
Event sourcing in the functional world (22 07-2021)Event sourcing in the functional world (22 07-2021)
Event sourcing in the functional world (22 07-2021)Vitaly Brusentsev
 
Opencast Admin UI - Introduction to developing using AngularJS
Opencast Admin UI - Introduction to developing using AngularJSOpencast Admin UI - Introduction to developing using AngularJS
Opencast Admin UI - Introduction to developing using AngularJSbuttyx
 
Multi tenant laravel
Multi tenant laravelMulti tenant laravel
Multi tenant laravelPeter Mein
 
Cascading Through Hadoop for the Boulder JUG
Cascading Through Hadoop for the Boulder JUGCascading Through Hadoop for the Boulder JUG
Cascading Through Hadoop for the Boulder JUGMatthew McCullough
 
Models and Service Layers, Hemoglobin and Hobgoblins
Models and Service Layers, Hemoglobin and HobgoblinsModels and Service Layers, Hemoglobin and Hobgoblins
Models and Service Layers, Hemoglobin and HobgoblinsRoss Tuck
 
A Tour to MySQL Commands
A Tour to MySQL CommandsA Tour to MySQL Commands
A Tour to MySQL CommandsHikmat Dhamee
 
Cache metadata
Cache metadataCache metadata
Cache metadataJoris Vercammen
 
Rich domain model with symfony 2.5 and doctrine 2.5
Rich domain model with symfony 2.5 and doctrine 2.5Rich domain model with symfony 2.5 and doctrine 2.5
Rich domain model with symfony 2.5 and doctrine 2.5Leonardo Proietti
 
Symfony2, creare bundle e valore per il cliente
Symfony2, creare bundle e valore per il clienteSymfony2, creare bundle e valore per il cliente
Symfony2, creare bundle e valore per il clienteLeonardo Proietti
 
Dutch PHP Conference - PHPSpec 2 - The only Design Tool you need
Dutch PHP Conference - PHPSpec 2 - The only Design Tool you needDutch PHP Conference - PHPSpec 2 - The only Design Tool you need
Dutch PHP Conference - PHPSpec 2 - The only Design Tool you needKacper Gunia
 
The IoC Hydra - Dutch PHP Conference 2016
The IoC Hydra - Dutch PHP Conference 2016The IoC Hydra - Dutch PHP Conference 2016
The IoC Hydra - Dutch PHP Conference 2016Kacper Gunia
 
An introduction to CouchDB
An introduction to CouchDBAn introduction to CouchDB
An introduction to CouchDBDavid Coallier
 
Meet Magento Sweden - Magento 2 Layout and Code Compilation for Performance
Meet Magento Sweden - Magento 2 Layout and Code Compilation for PerformanceMeet Magento Sweden - Magento 2 Layout and Code Compilation for Performance
Meet Magento Sweden - Magento 2 Layout and Code Compilation for PerformanceIvan Chepurnyi
 
Windows power shell and active directory
Windows power shell and active directoryWindows power shell and active directory
Windows power shell and active directoryDan Morrill
 
Using OpenFire With OpenLDAP
Using OpenFire With OpenLDAPUsing OpenFire With OpenLDAP
Using OpenFire With OpenLDAPDashamir Hoxha
 

More Related Content

What's hot

FleetDB: A Schema-Free Database in Clojure
FleetDB: A Schema-Free Database in ClojureFleetDB: A Schema-Free Database in Clojure
FleetDB: A Schema-Free Database in ClojureMark McGranaghan
 
FleetDB A Schema-Free Database in Clojure
FleetDB A Schema-Free Database in ClojureFleetDB A Schema-Free Database in Clojure
FleetDB A Schema-Free Database in Clojureelliando dias
 
Service discovery and configuration provisioning
Service discovery and configuration provisioningService discovery and configuration provisioning
Service discovery and configuration provisioningSource Ministry
 
CodeIgniter Class Reference
CodeIgniter Class ReferenceCodeIgniter Class Reference
CodeIgniter Class ReferenceJamshid Hashimi
 
Advanced php testing in action
Advanced php testing in actionAdvanced php testing in action
Advanced php testing in actionJace Ju
 
Cloudera Impala, updated for v1.0
Cloudera Impala, updated for v1.0Cloudera Impala, updated for v1.0
Cloudera Impala, updated for v1.0Scott Leberknight
 
Doctrine fixtures
Doctrine fixturesDoctrine fixtures
Doctrine fixturesBill Chang
 
Event sourcing in the functional world (22 07-2021)
Event sourcing in the functional world (22 07-2021)Event sourcing in the functional world (22 07-2021)
Event sourcing in the functional world (22 07-2021)Vitaly Brusentsev
 
Opencast Admin UI - Introduction to developing using AngularJS
Opencast Admin UI - Introduction to developing using AngularJSOpencast Admin UI - Introduction to developing using AngularJS
Opencast Admin UI - Introduction to developing using AngularJSbuttyx
 
Multi tenant laravel
Multi tenant laravelMulti tenant laravel
Multi tenant laravelPeter Mein
 
Cascading Through Hadoop for the Boulder JUG
Cascading Through Hadoop for the Boulder JUGCascading Through Hadoop for the Boulder JUG
Cascading Through Hadoop for the Boulder JUGMatthew McCullough
 
Models and Service Layers, Hemoglobin and Hobgoblins
Models and Service Layers, Hemoglobin and HobgoblinsModels and Service Layers, Hemoglobin and Hobgoblins
Models and Service Layers, Hemoglobin and HobgoblinsRoss Tuck
 
A Tour to MySQL Commands
A Tour to MySQL CommandsA Tour to MySQL Commands
A Tour to MySQL CommandsHikmat Dhamee
 
Rich domain model with symfony 2.5 and doctrine 2.5
Rich domain model with symfony 2.5 and doctrine 2.5Rich domain model with symfony 2.5 and doctrine 2.5
Rich domain model with symfony 2.5 and doctrine 2.5Leonardo Proietti
 
Symfony2, creare bundle e valore per il cliente
Symfony2, creare bundle e valore per il clienteSymfony2, creare bundle e valore per il cliente
Symfony2, creare bundle e valore per il clienteLeonardo Proietti
 
Dutch PHP Conference - PHPSpec 2 - The only Design Tool you need
Dutch PHP Conference - PHPSpec 2 - The only Design Tool you needDutch PHP Conference - PHPSpec 2 - The only Design Tool you need
Dutch PHP Conference - PHPSpec 2 - The only Design Tool you needKacper Gunia
 
The IoC Hydra - Dutch PHP Conference 2016
The IoC Hydra - Dutch PHP Conference 2016The IoC Hydra - Dutch PHP Conference 2016
The IoC Hydra - Dutch PHP Conference 2016Kacper Gunia
 
An introduction to CouchDB
An introduction to CouchDBAn introduction to CouchDB
An introduction to CouchDBDavid Coallier
 
Meet Magento Sweden - Magento 2 Layout and Code Compilation for Performance
Meet Magento Sweden - Magento 2 Layout and Code Compilation for PerformanceMeet Magento Sweden - Magento 2 Layout and Code Compilation for Performance
Meet Magento Sweden - Magento 2 Layout and Code Compilation for PerformanceIvan Chepurnyi
 

What's hot (20)

FleetDB: A Schema-Free Database in Clojure
FleetDB: A Schema-Free Database in ClojureFleetDB: A Schema-Free Database in Clojure
FleetDB: A Schema-Free Database in Clojure
 
FleetDB A Schema-Free Database in Clojure
FleetDB A Schema-Free Database in ClojureFleetDB A Schema-Free Database in Clojure
FleetDB A Schema-Free Database in Clojure
 
Service discovery and configuration provisioning
Service discovery and configuration provisioningService discovery and configuration provisioning
Service discovery and configuration provisioning
 
CodeIgniter Class Reference
CodeIgniter Class ReferenceCodeIgniter Class Reference
CodeIgniter Class Reference
 
Advanced php testing in action
Advanced php testing in actionAdvanced php testing in action
Advanced php testing in action
 
Cloudera Impala, updated for v1.0
Cloudera Impala, updated for v1.0Cloudera Impala, updated for v1.0
Cloudera Impala, updated for v1.0
 
Doctrine fixtures
Doctrine fixturesDoctrine fixtures
Doctrine fixtures
 
Event sourcing in the functional world (22 07-2021)
Event sourcing in the functional world (22 07-2021)Event sourcing in the functional world (22 07-2021)
Event sourcing in the functional world (22 07-2021)
 
Opencast Admin UI - Introduction to developing using AngularJS
Opencast Admin UI - Introduction to developing using AngularJSOpencast Admin UI - Introduction to developing using AngularJS
Opencast Admin UI - Introduction to developing using AngularJS
 
Multi tenant laravel
Multi tenant laravelMulti tenant laravel
Multi tenant laravel
 
Cascading Through Hadoop for the Boulder JUG
Cascading Through Hadoop for the Boulder JUGCascading Through Hadoop for the Boulder JUG
Cascading Through Hadoop for the Boulder JUG
 
Models and Service Layers, Hemoglobin and Hobgoblins
Models and Service Layers, Hemoglobin and HobgoblinsModels and Service Layers, Hemoglobin and Hobgoblins
Models and Service Layers, Hemoglobin and Hobgoblins
 
A Tour to MySQL Commands
A Tour to MySQL CommandsA Tour to MySQL Commands
A Tour to MySQL Commands
 
Cache metadata
Cache metadataCache metadata
Cache metadata
 
Rich domain model with symfony 2.5 and doctrine 2.5
Rich domain model with symfony 2.5 and doctrine 2.5Rich domain model with symfony 2.5 and doctrine 2.5
Rich domain model with symfony 2.5 and doctrine 2.5
 
Symfony2, creare bundle e valore per il cliente
Symfony2, creare bundle e valore per il clienteSymfony2, creare bundle e valore per il cliente
Symfony2, creare bundle e valore per il cliente
 
Dutch PHP Conference - PHPSpec 2 - The only Design Tool you need
Dutch PHP Conference - PHPSpec 2 - The only Design Tool you needDutch PHP Conference - PHPSpec 2 - The only Design Tool you need
Dutch PHP Conference - PHPSpec 2 - The only Design Tool you need
 
The IoC Hydra - Dutch PHP Conference 2016
The IoC Hydra - Dutch PHP Conference 2016The IoC Hydra - Dutch PHP Conference 2016
The IoC Hydra - Dutch PHP Conference 2016
 
An introduction to CouchDB
An introduction to CouchDBAn introduction to CouchDB
An introduction to CouchDB
 
Meet Magento Sweden - Magento 2 Layout and Code Compilation for Performance
Meet Magento Sweden - Magento 2 Layout and Code Compilation for PerformanceMeet Magento Sweden - Magento 2 Layout and Code Compilation for Performance
Meet Magento Sweden - Magento 2 Layout and Code Compilation for Performance
 

Similar to Centralising Authorisation in PostgreSQL

Windows power shell and active directory
Windows power shell and active directoryWindows power shell and active directory
Windows power shell and active directoryDan Morrill
 
Using OpenFire With OpenLDAP
Using OpenFire With OpenLDAPUsing OpenFire With OpenLDAP
Using OpenFire With OpenLDAPDashamir Hoxha
 
Burn down the silos! Helping dev and ops gel on high availability websites
Burn down the silos! Helping dev and ops gel on high availability websitesBurn down the silos! Helping dev and ops gel on high availability websites
Burn down the silos! Helping dev and ops gel on high availability websitesLindsay Holmwood
 
Why is crud a bad idea - focus on real scenarios
Why is crud a bad idea - focus on real scenariosWhy is crud a bad idea - focus on real scenarios
Why is crud a bad idea - focus on real scenariosDivante
 
FamilySearch Reference Client
FamilySearch Reference ClientFamilySearch Reference Client
FamilySearch Reference ClientDallan Quass
 
XQuery Triggers in Native XML Database Sedna
XQuery Triggers in Native XML Database SednaXQuery Triggers in Native XML Database Sedna
XQuery Triggers in Native XML Database Sednamaria.grineva
 
Zend Framework Study@Tokyo #2
Zend Framework Study@Tokyo #2Zend Framework Study@Tokyo #2
Zend Framework Study@Tokyo #2Shinya Ohyanagi
 
WordPress REST API hacking
WordPress REST API hackingWordPress REST API hacking
WordPress REST API hackingJeroen van Dijk
 
Creating and Maintaining WordPress Plugins
Creating and Maintaining WordPress PluginsCreating and Maintaining WordPress Plugins
Creating and Maintaining WordPress PluginsMark Jaquith
 
Api Design
Api DesignApi Design
Api Designsartak
 
Doctrine For Beginners
Doctrine For BeginnersDoctrine For Beginners
Doctrine For BeginnersJonathan Wage
 
Application Stack - TIAD Camp Microsoft Cloud Readiness
Application Stack - TIAD Camp Microsoft Cloud ReadinessApplication Stack - TIAD Camp Microsoft Cloud Readiness
Application Stack - TIAD Camp Microsoft Cloud ReadinessThe Incredible Automation Day
 
PuppetCamp SEA @ Blk 71 - Nagios in under 10 mins with Puppet
PuppetCamp SEA @ Blk 71 - Nagios in under 10 mins with PuppetPuppetCamp SEA @ Blk 71 - Nagios in under 10 mins with Puppet
PuppetCamp SEA @ Blk 71 - Nagios in under 10 mins with PuppetOlinData
 
PuppetCamp SEA @ Blk 71 - Nagios in under 10 mins with Puppet
PuppetCamp SEA @ Blk 71 - Nagios in under 10 mins with PuppetPuppetCamp SEA @ Blk 71 - Nagios in under 10 mins with Puppet
PuppetCamp SEA @ Blk 71 - Nagios in under 10 mins with PuppetWalter Heck
 

Similar to Centralising Authorisation in PostgreSQL (20)

Windows power shell and active directory
Windows power shell and active directoryWindows power shell and active directory
Windows power shell and active directory
 
Using OpenFire With OpenLDAP
Using OpenFire With OpenLDAPUsing OpenFire With OpenLDAP
Using OpenFire With OpenLDAP
 
Burn down the silos! Helping dev and ops gel on high availability websites
Burn down the silos! Helping dev and ops gel on high availability websitesBurn down the silos! Helping dev and ops gel on high availability websites
Burn down the silos! Helping dev and ops gel on high availability websites
 
Why is crud a bad idea - focus on real scenarios
Why is crud a bad idea - focus on real scenariosWhy is crud a bad idea - focus on real scenarios
Why is crud a bad idea - focus on real scenarios
 
FamilySearch Reference Client
FamilySearch Reference ClientFamilySearch Reference Client
FamilySearch Reference Client
 
XQuery Triggers in Native XML Database Sedna
XQuery Triggers in Native XML Database SednaXQuery Triggers in Native XML Database Sedna
XQuery Triggers in Native XML Database Sedna
 
Framework
FrameworkFramework
Framework
 
Zend Framework Study@Tokyo #2
Zend Framework Study@Tokyo #2Zend Framework Study@Tokyo #2
Zend Framework Study@Tokyo #2
 
WordPress REST API hacking
WordPress REST API hackingWordPress REST API hacking
WordPress REST API hacking
 
About Data::ObjectDriver
About Data::ObjectDriverAbout Data::ObjectDriver
About Data::ObjectDriver
 
Creating and Maintaining WordPress Plugins
Creating and Maintaining WordPress PluginsCreating and Maintaining WordPress Plugins
Creating and Maintaining WordPress Plugins
 
Talk MongoDB - Amil
Talk MongoDB - AmilTalk MongoDB - Amil
Talk MongoDB - Amil
 
Api Design
Api DesignApi Design
Api Design
 
Doctrine For Beginners
Doctrine For BeginnersDoctrine For Beginners
Doctrine For Beginners
 
Application Stack - TIAD Camp Microsoft Cloud Readiness
Application Stack - TIAD Camp Microsoft Cloud ReadinessApplication Stack - TIAD Camp Microsoft Cloud Readiness
Application Stack - TIAD Camp Microsoft Cloud Readiness
 
Redis for your boss
Redis for your bossRedis for your boss
Redis for your boss
 
PuppetCamp SEA @ Blk 71 - Nagios in under 10 mins with Puppet
PuppetCamp SEA @ Blk 71 - Nagios in under 10 mins with PuppetPuppetCamp SEA @ Blk 71 - Nagios in under 10 mins with Puppet
PuppetCamp SEA @ Blk 71 - Nagios in under 10 mins with Puppet
 
PuppetCamp SEA @ Blk 71 - Nagios in under 10 mins with Puppet
PuppetCamp SEA @ Blk 71 - Nagios in under 10 mins with PuppetPuppetCamp SEA @ Blk 71 - Nagios in under 10 mins with Puppet
PuppetCamp SEA @ Blk 71 - Nagios in under 10 mins with Puppet
 
Dependency Injection
Dependency InjectionDependency Injection
Dependency Injection
 
PHP Data Objects
PHP Data ObjectsPHP Data Objects
PHP Data Objects
 

Recently uploaded

Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...gajnagarg
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Researchmichael115558
 
Reconciling Conflicting Data Curation Actions: Transparency Through Argument...
Reconciling Conflicting Data Curation Actions: Transparency Through Argument...Reconciling Conflicting Data Curation Actions: Transparency Through Argument...
Reconciling Conflicting Data Curation Actions: Transparency Through Argument...Bertram Ludäscher
 
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...ZurliaSoop
 
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...nirzagarg
 
Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...
Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...
Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...HyderabadDolls
 
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...nirzagarg
 
Gulbai Tekra * Cheap Call Girls In Ahmedabad Phone No 8005736733 Elite Escort...
Gulbai Tekra * Cheap Call Girls In Ahmedabad Phone No 8005736733 Elite Escort...Gulbai Tekra * Cheap Call Girls In Ahmedabad Phone No 8005736733 Elite Escort...
Gulbai Tekra * Cheap Call Girls In Ahmedabad Phone No 8005736733 Elite Escort...gragchanchal546
 
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...Elaine Werffeli
 
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...Valters Lauzums
 
如何办理英国诺森比亚大学毕业证(NU毕业证书)成绩单原件一模一样
如何办理英国诺森比亚大学毕业证(NU毕业证书)成绩单原件一模一样如何办理英国诺森比亚大学毕业证(NU毕业证书)成绩单原件一模一样
如何办理英国诺森比亚大学毕业证(NU毕业证书)成绩单原件一模一样wsppdmt
 
Aspirational Block Program Block Syaldey District - Almora
Aspirational Block Program Block Syaldey District - AlmoraAspirational Block Program Block Syaldey District - Almora
Aspirational Block Program Block Syaldey District - AlmoraGovindSinghDasila
 
Ranking and Scoring Exercises for Research
Ranking and Scoring Exercises for ResearchRanking and Scoring Exercises for Research
Ranking and Scoring Exercises for ResearchRajesh Mondal
 
Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...
Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...
Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...kumargunjan9515
 
Lecture_2_Deep_Learning_Overview-newone1
Lecture_2_Deep_Learning_Overview-newone1Lecture_2_Deep_Learning_Overview-newone1
Lecture_2_Deep_Learning_Overview-newone1ranjankumarbehera14
 
Predicting HDB Resale Prices - Conducting Linear Regression Analysis With Orange
Predicting HDB Resale Prices - Conducting Linear Regression Analysis With OrangePredicting HDB Resale Prices - Conducting Linear Regression Analysis With Orange
Predicting HDB Resale Prices - Conducting Linear Regression Analysis With OrangeThinkInnovation
 
Jodhpur Park | Call Girls in Kolkata Phone No 8005736733 Elite Escort Service...
Jodhpur Park | Call Girls in Kolkata Phone No 8005736733 Elite Escort Service...Jodhpur Park | Call Girls in Kolkata Phone No 8005736733 Elite Escort Service...
Jodhpur Park | Call Girls in Kolkata Phone No 8005736733 Elite Escort Service...HyderabadDolls
 
Computer science Sql cheat sheet.pdf.pdf
Computer science Sql cheat sheet.pdf.pdfComputer science Sql cheat sheet.pdf.pdf
Computer science Sql cheat sheet.pdf.pdfSayantanBiswas37
 
Vadodara 💋 Call Girl 7737669865 Call Girls in Vadodara Escort service book now
Vadodara 💋 Call Girl 7737669865 Call Girls in Vadodara Escort service book nowVadodara 💋 Call Girl 7737669865 Call Girls in Vadodara Escort service book now
Vadodara 💋 Call Girl 7737669865 Call Girls in Vadodara Escort service book nowgargpaaro
 

Recently uploaded (20)

Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Research
 
Reconciling Conflicting Data Curation Actions: Transparency Through Argument...
Reconciling Conflicting Data Curation Actions: Transparency Through Argument...Reconciling Conflicting Data Curation Actions: Transparency Through Argument...
Reconciling Conflicting Data Curation Actions: Transparency Through Argument...
 
Abortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get CytotecAbortion pills in Jeddah | +966572737505 | Get Cytotec
Abortion pills in Jeddah | +966572737505 | Get Cytotec
 
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
 
Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...
Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...
Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...
 
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...
 
Gulbai Tekra * Cheap Call Girls In Ahmedabad Phone No 8005736733 Elite Escort...
Gulbai Tekra * Cheap Call Girls In Ahmedabad Phone No 8005736733 Elite Escort...Gulbai Tekra * Cheap Call Girls In Ahmedabad Phone No 8005736733 Elite Escort...
Gulbai Tekra * Cheap Call Girls In Ahmedabad Phone No 8005736733 Elite Escort...
 
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...
 
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
 
如何办理英国诺森比亚大学毕业证(NU毕业证书)成绩单原件一模一样
如何办理英国诺森比亚大学毕业证(NU毕业证书)成绩单原件一模一样如何办理英国诺森比亚大学毕业证(NU毕业证书)成绩单原件一模一样
如何办理英国诺森比亚大学毕业证(NU毕业证书)成绩单原件一模一样
 
Aspirational Block Program Block Syaldey District - Almora
Aspirational Block Program Block Syaldey District - AlmoraAspirational Block Program Block Syaldey District - Almora
Aspirational Block Program Block Syaldey District - Almora
 
Ranking and Scoring Exercises for Research
Ranking and Scoring Exercises for ResearchRanking and Scoring Exercises for Research
Ranking and Scoring Exercises for Research
 
Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...
Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...
Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...
 
Lecture_2_Deep_Learning_Overview-newone1
Lecture_2_Deep_Learning_Overview-newone1Lecture_2_Deep_Learning_Overview-newone1
Lecture_2_Deep_Learning_Overview-newone1
 
Predicting HDB Resale Prices - Conducting Linear Regression Analysis With Orange
Predicting HDB Resale Prices - Conducting Linear Regression Analysis With OrangePredicting HDB Resale Prices - Conducting Linear Regression Analysis With Orange
Predicting HDB Resale Prices - Conducting Linear Regression Analysis With Orange
 
Jodhpur Park | Call Girls in Kolkata Phone No 8005736733 Elite Escort Service...
Jodhpur Park | Call Girls in Kolkata Phone No 8005736733 Elite Escort Service...Jodhpur Park | Call Girls in Kolkata Phone No 8005736733 Elite Escort Service...
Jodhpur Park | Call Girls in Kolkata Phone No 8005736733 Elite Escort Service...
 
Computer science Sql cheat sheet.pdf.pdf
Computer science Sql cheat sheet.pdf.pdfComputer science Sql cheat sheet.pdf.pdf
Computer science Sql cheat sheet.pdf.pdf
 
Vadodara 💋 Call Girl 7737669865 Call Girls in Vadodara Escort service book now
Vadodara 💋 Call Girl 7737669865 Call Girls in Vadodara Escort service book nowVadodara 💋 Call Girl 7737669865 Call Girls in Vadodara Escort service book now
Vadodara 💋 Call Girl 7737669865 Call Girls in Vadodara Escort service book now
 

Centralising Authorisation in PostgreSQL

  • 1. Centralising Authorization in PostgreSQL Experimenting with LDAP synchronization
  • 2. Structure of this talk…  A summary of my experience with implementing a simple form of Centralized Authorisation  A step by step approach
  • 3. Authentication versus Authorisation PostgreSQL LDAP Authentication ldap ldapserver=servername.ad.company.au ldaptls=1 ldapbasedn="ou=AU,dc=ad,dc=company,dc=au" ldapbinddn="cn=Gary Evans,ou=consultant,ou=ThirdParty Contractors,ou=Users, ou=AU,dc=ad,dc=corelogic,dc=asia" ldapbindpasswd="<the password>" ldapsearchattribute=sAMAccountName
  • 4. Benefits of a centralized approach  Single point of control of database users  Adding a user can be done by help desk  Less error prone
  • 6. Synchronisation Approach Server StarOne DBROLES postgres Andrew Smith Bob Brown Jenny Reid Julie Benson privileges ldapsearch -Z -LLL -h ldapservername -D gevans@ldapservername -w password -b dc=ad,dc=companyname,dc=aus '(&(objectClass=user)(memberOf=CN='"${ADRow[0]}"' ,OU=SQL,OU=Groups,OU=AU,DC=ad,DC=ccompany name,DC=aus))' sAMAccountName | sed -e 's/sAMAccountName: ([a-zA-Z]*)/1/;tx;d;:x'
  • 7. Synchronisation Approach Database DB_Report DB_Admin DB_Analysts Andrew Smith Bob Brown Jenny Reid Andrew Smith Julie Benson Annette Huntly Paul Brown Andrew Smith Bob Brown Jenny Reid Members Groups ROLES postgres Andrew Smith Bob Brown Jenny Reid Julie Benson Annette Huntly Paul Brown AppOne DB StarOne DB
  • 8. Synchronisation Approach Database DB_Report DB_Admin DB_Analysts Andrew Smith Bob Brown Jenny Reid Andrew Smith Julie Benson Annette Huntly Paul Brown Andrew Smith Bob Brown Jenny Reid Members Groups ROLES postgres Andrew Smith Bob Brown Jenny Reid Julie Benson Annette Huntly Paul Brown AppOne DB StarOne DB
  • 9. Synchronisation Approach Database DB_Report DB_Admin DB_Analysts Andrew Smith Bob Brown Jenny Reid Andrew Smith Julie Benson Annette Huntly Paul Brown Andrew Smith Bob Brown Jenny Reid Server Members Groups ROLES postgres Andrew Smith Bob Brown Jenny Reid Julie Benson Annette Huntly Paul Brown AppOne DB StarOne DB ID Hostname Dbname ADGroup Dbrole Enabled CRUD 1 Serverone AppOne DB_Report Read_only True F,T,F,F 2 Serverone StarOne DB_Report Reporting True F,T,T,F 3 Serverone AppOne DB_Admin Admin_user True T,T,T,T 4 Serverone StarOne DB_Analysts Analyst True F,T,F,F 5
  • 10. Synchronisation Approach Database DB_Report DB_Admin DB_Analysts Andrew Smith Bob Brown Jenny Reid Andrew Smith Julie Benson Annette Huntly Paul Brown Andrew Smith Bob Brown Jenny Reid Server Members Groups ROLES postgres Andrew Smith Bob Brown Jenny Reid Julie Benson Annette Huntly Paul Brown AppOne DB StarOne DB ID Hostname Dbname ADGroup Dbrole Enabled CRUD 1 Serverone AppOne DB_Report Read_only True F,T,F,F 2 Serverone StarOne DB_Report Reporting True F,T,T,F 3 Serverone AppOne DB_Admin Admin_user True T,T,T,T 4 Serverone StarOne DB_Analysts Analyst True F,T,F,F 5 ${PSQL} ${DBMONITOR//HOST/localhost}/schemaname -qtAX --field-separator ' ' -c "SELECT distinct adgroup FROM mapping WHERE enabled = true and hostname='${hostname}'" | while read -a ADRow ; do for adname in $(ldapsearch -Z -LLL -h ldapservername -D gevans@ldapservername -w password -b dc=ad,dc=companyname,dc=aus '(&(objectClass=user)(memberOf=CN='"${ADRow[0]}"',OU=SQL,OU=Groups,OU=AU,DC=ad,DC=companyna me,DC=aus))' sAMAccountName | sed -e 's/sAMAccountName: ([a-zA-Z]*)/1/;tx;d;:x') do ${PSQL} ${PGMONITOR//HOST/$hostname}/ schemaname -qtAX --field-separator ' ' -c "CREATE ROLE ${adname} with LOGIN;“ ${PSQL} ${PGMONITOR//HOST/localhost}/ schemaname -qtAX --field-separator ' ' -c "SELECT distinct dbrole FROM mapping where enabled = true and hostname='${hostname}'" and adgroup = '${adname}' | while read -a DBRRow ; do ${PSQL} ${PGMONITOR//HOST/$hostname}/performance -qtAX --field-separator ' ' -c "GRANT ${DBRRow} TO ${adname};" done
  • 11. Synchronisation Approach Database DB_Report DB_Admin DB_Analysts Andrew Smith Bob Brown Jenny Reid Andrew Smith Julie Benson Annette Huntly Paul Brown Andrew Smith Bob Brown Jenny Reid Server Members Groups ROLES postgres Andrew Smith Bob Brown Jenny Reid Julie Benson Annette Huntly Paul Brown AppOne DB StarOne DB ID Hostname Dbname ADGroup Dbrole Enabled CRUD 1 Serverone AppOne DB_Report Read_only True F,T,F,F 2 Serverone StarOne DB_Report Reporting True F,T,T,F 3 Serverone AppOne DB_Admin Admin_user True T,T,T,T 4 Serverone StarOne DB_Analysts Analyst True F,T,F,F 5 ${PSQL} ${DBMONITOR//HOST/localhost}/schemaname -qtAX --field-separator ' ' -c "SELECT distinct adgroup FROM mapping WHERE enabled = true and hostname='${hostname}'" | while read -a ADRow ; do for adname in $(ldapsearch -Z -LLL -h ldapservername -D gevans@ldapservername -w password -b dc=ad,dc=companyname,dc=aus '(&(objectClass=user)(memberOf=CN='"${ADRow[0]}"',OU=SQL,OU=Groups,OU=AU,DC=ad,DC=ccompanyn ame,DC=aus))' sAMAccountName | sed -e 's/sAMAccountName: ([a-zA-Z]*)/1/;tx;d;:x') do ${PSQL} ${PGMONITOR//HOST/$hostname}/ schemaname -qtAX --field-separator ' ' -c "CREATE ROLE ${adname} with LOGIN;“ ${PSQL} ${PGMONITOR//HOST/localhost}/performance -qtAX --field-separator ' ' -c "SELECT distinct dbrole FROM mapping where enabled = true and hostname='${hostname}'" and adgroup = '${adname}' | while read -a DBRRow ; do ${PSQL} ${PGMONITOR//HOST/$hostname}/ schemaname -qtAX --field-separator ' ' -c "GRANT ${DBRRow} TO ${adname};" done
  • 12. Synchronisation Approach Database DB_Report DB_Admin DB_Analysts Andrew Smith Bob Brown Jenny Reid Andrew Smith Julie Benson Annette Huntly Paul Brown Andrew Smith Bob Brown Jenny Reid Members Groups ROLES postgres Andrew Smith Bob Brown Jenny Reid Julie Benson Annette Huntly Paul Brown AppOne DB StarOne DB
  • 13. Synchronisation Approach Database DB_Report DB_Admin DB_Analysts Andrew Smith Bob Brown Jenny Reid Andrew Smith Julie Benson Annette Huntly Paul Brown Andrew Smith Bob Brown Jenny Reid Members Groups ROLES Postgres (SU) appOneOwner (SU) StarOneOwner (SU) Andrew Smith Bob Brown Jenny Reid Julie Benson Annette Huntly Paul Brown AppOne DB StarOne DB Owner Owner
  • 14. Synchronisation Approach Database DB_Report DB_Admin DB_Analysts Andrew Smith Bob Brown Jenny Reid Andrew Smith Julie Benson Annette Huntly Paul Brown Andrew Smith Bob Brown Jenny Reid Members Groups ROLES Postgres (SU) appOneOwner (SU) StarOneOwner (SU) DB_Report (NL) DB_Admin (NL) DB_Analysts (NL) Andrew Smith Bob Brown Jenny Reid Julie Benson Annette Huntly Paul Brown AppOne DB StarOne DB Owner Owner Role inheritance
  • 15. Synchronisation Approach Database DB_Report DB_Admin DB_Analysts Andrew Smith Bob Brown Jenny Reid Andrew Smith Julie Benson Annette Huntly Paul Brown Andrew Smith Bob Brown Jenny Reid Members Groups ROLES Postgres (SU) appOneOwner (SU) StarOneOwner (SU) DB_Report (NL) DB_Admin (NL) DB_Analysts (NL) Andrew Smith Bob Brown Jenny Reid Julie Benson Annette Huntly Paul Brown AppOne DB StarOne DB Owner Owner Role inheritance
  • 16. Synchronisation Approach Database DB_Report DB_Admin DB_Analysts Andrew Smith Bob Brown Jenny Reid Andrew Smith Julie Benson Annette Huntly Paul Brown Andrew Smith Bob Brown Jenny Reid Members Groups ROLES Postgres (SU) appOneOwner (SU) StarOneOwner (SU) DB_Report (NL) DB_Admin (NL) DB_Analysts (NL) Andrew Smith Bob Brown Jenny Reid Julie Benson Annette Huntly Paul Brown AppOne DB StarOne DB Owner Owner Role inheritance