| Table of Contents |
|---|
| Info |
|---|
This page is currently invisible to customers through Restrictions |
Platform Support
Datical DB Liquibase Enterprise supports these Postgres platforms and variants:
...
See Hardware, Software, and Database Requirements for more information on version support.
Prerequisite: Ownership of Schema and Database Objects
In order for Datical DB Liquibase Enterprise to manage an existing Postgres instance, it must connect as a user with at least one of the following requirements:
- Owns all schema to be managed by Datical DB by Liquibase Enterprise and owns all objects in those schema.
- Is a superuser (on-prem only–the superuser on Amazon RDS or Aurora does not have sufficient permissions)
Postgres has a distinction between ownership and privilege, and only one user may own an object. Only the owner (or a superuser) may alter or drop a given object. Therefore, simply granting the owner's role to another user is not sufficient. Ownership must be explicitly transferred (see below). When managing Postgres databases, please disregard any documentation referencing the use of multiple roles for Datical DB for Liquibase Enterprise connection users.
"The right to modify or destroy an object is always the privilege of the owner only." - from PostgreSQL documentation https://www.postgresql.org/docs/9.6/ddl-priv.html
Since it is necessary for Datical DB for Liquibase Enterprise to perform both backup and restore operations on all schema it manages (which involves dropping and recreating entire schema and their objects), its connection user must own these schema and objects. If it does not, packaging fails and a permissions error is reported.
| Warning | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||
If you are using Postgres for Amazon RDS or for Aurora, the admin user they provide is NOT a true superuser and its privileges are NOT sufficient to perform Datical DB perform Liquibase Enterprise operations. The user specified in the DbDef connection must have proper permissions on the database (connect, create, and temporary are suggested) as well as ownership of schema and objects as described above. See AWS documentation for more information.
|
Pipeline Steps in the Project
Each database in your release pipeline is represented as a step in the Datical DB the Liquibase Enterprise project. Each step has its own set of connection information, including the user to connect as (the connection user).
At each step, the connection user must be the owner of all schema managed by Datical DB by Liquibase Enterprise and the owner of all objects in that schema.
| Info | ||
|---|---|---|
| ||
You do not have to use the same user for every step in the pipeline, as long as that user has the requisite ownership to perform Datical DB perform Liquibase Enterprise operations. |
Choosing a User to Manage PostgreSQL or Azure Postgres Databases
If you already have a user with the requisite ownership, you can configure Datical DB configure Liquibase Enterprise to connect as that user and skip the following steps.
Creating a User to Manage PostgreSQL
...
or Azure Postgres Databases
If you want to create a new user to be the Datical DB the Liquibase Enterprise connection user, then you have two options:
- Ensure that user is a superuser (on-prem Postgres)
- Transfer ownership of all existing schema to be managed by Datical DB by Liquibase Enterprise and all objects in those schema.
The following sections show how to create a user, grant the required permissions, and transfer ownership of database objects.
1. Creating the
...
Liquibase Enterprise User and Granting the Required Permissions
Log in as a superuser and run the following commands, substituting user and database name appropriately.
| Code Block | ||
|---|---|---|
| ||
CREATE USER "datical_user" WITH PASSWORD 'password<password>'; GRANT CREATE, CONNECT, TEMPORARY ON DATABASE "your_database_name" TO "datical_user" WITH GRANT OPTION; |
...
| Info |
|---|
It is important to |
...
note that for the user name |
...
| Code Block | ||
|---|---|---|
| ||
| CREATE USER "datical_user@<server_name>" WITH PASSWORD 'password';
GRANT CREATE, CONNECT, TEMPORARY ON DATABASE "your_database_name" TO "datical_user" WITH GRANT OPTION; in Azure Postgres to be complete, you must add the server name that already exists in the Azure portal. When you want to connect as a newly created user to Azure Postgres, the full username formula looks like this: <username>@<server_name> |
2. Transferring Ownership of Database Objects to the
...
Liquibase Enterprise User
You must either log in as a superuser or the object owner to transfer ownership.
...
- Make the current owner a member of the Datical Liquibase Enterprise user role.
Log in as a superuser or the Datical Liquibase Enterprise user and grant membership:
Code Block language sql GRANT "datical_user" to "current_owner";
- Transfer ownership of database objects.
To transfer ownership of a schema:
Code Block language sql ALTER SCHEMA "schema_name" OWNER TO "datical_user";
To transfer ALL objects on a database to another user:
Code Block language sql REASSIGN OWNED BY "current_owner" TO "datical_user";
To transfer a single object on a database to another user, please refer to the appropriate ALTER statement for that object type in the Postgres documentation.
Limitations
- See Known Issues in /wiki/spaces/D19Q2/pages/848725720 and release notes for maintenance releases.
Function Type Support On Cloud Environments
This is general information about Amazon support for these functions. The user with the highest level of permissions on Aurora/RDS (rds_superuser) does not have the capability to create certain functions. This is the case whether you are using Datical Liquibase Enterprise or not!
| Function Type | Community Edition | Cloud (Aurora/RDS) |
|---|---|---|
| query language functions |  | |
| procedural language functions (TRUSTED) | | |
| procedural language functions (UNTRUSTED) | |  |
| internal functions | | |
| C-language functions | | |
...