Liquibase Enterprise was formerly known as Datical DB.
Postgres EDB, PostgreSQL, and Azure Database for Postgres Setup
Platform Support
Liquibase Enterprise supports these Postgres platforms and variants:
- EDB Postgres
- PostgreSQL (on-premise)
- PostgreSQL on Amazon RDS
- PostgreSQL on Amazon Aurora
See Hardware, Software, and Database Requirements for more information on version support.
Prerequisite: Ownership of Schema and Database Objects
In order for Liquibase Enterprise to manage an existing Postgres instance, it must connect as a user with at least one of the following requirements:
- Owns all schema to be managed by Liquibase Enterprise and owns all objects in those schema.
- Is a superuser (on-prem only–the superuser on Amazon RDS or Aurora does not have sufficient permissions)
Postgres has a distinction between ownership and privilege, and only one user may own an object. Only the owner (or a superuser) may alter or drop a given object. Therefore, simply granting the owner's role to another user is not sufficient. Ownership must be explicitly transferred (see below). When managing Postgres databases, please disregard any documentation referencing the use of multiple roles for Liquibase Enterprise connection users.
"The right to modify or destroy an object is always the privilege of the owner only." - from PostgreSQL documentation https://www.postgresql.org/docs/9.6/ddl-priv.html
Since it is necessary for Liquibase Enterprise to perform both backup and restore operations on all schema it manages (which involves dropping and recreating entire schema and their objects), its connection user must own these schema and objects. If it does not, packaging fails and a permissions error is reported.
Special Instructions for Postgres in Amazon RDS
If you are using Postgres for Amazon RDS or for Aurora, the admin user they provide is NOT a true superuser and its privileges are NOT sufficient to perform Liquibase Enterprise operations. The user specified in the DbDef connection must have proper permissions on the database (connect, create, and temporary are suggested) as well as ownership of schema and objects as described above. See AWS documentation for more information.
Pipeline Steps in the Project
Each database in your release pipeline is represented as a step in the Liquibase Enterprise project. Each step has its own set of connection information, including the user to connect as (the connection user).
At each step, the connection user must be the owner of all schema managed by Liquibase Enterprise and the owner of all objects in that schema.
Note
You do not have to use the same user for every step in the pipeline, as long as that user has the requisite ownership to perform Liquibase Enterprise operations.
Choosing a User to Manage PostgreSQL or Azure Postgres Databases
If you already have a user with the requisite ownership, you can configure Liquibase Enterprise to connect as that user and skip the following steps.
Creating a User to Manage PostgreSQL or Azure Postgres Databases
If you want to create a new user to be the Liquibase Enterprise connection user, then you have two options:
- Ensure that user is a superuser (on-prem Postgres)
- Transfer ownership of all existing schema to be managed by Liquibase Enterprise and all objects in those schema.
The following sections show how to create a user, grant the required permissions, and transfer ownership of database objects.
1. Creating the Liquibase Enterprise User and Granting the Required Permissions
Log in as a superuser and run the following commands, substituting user and database name appropriately.
CREATE USER "datical_user" WITH PASSWORD '<password>'; GRANT CREATE, CONNECT, TEMPORARY ON DATABASE "your_database_name" TO "datical_user" WITH GRANT OPTION;
It is important to note that for the user name in Azure Postgres to be complete, you must add the server name that already exists in the Azure portal. When you want to connect as a newly created user to Azure Postgres, the full username formula looks like this:
<username>@<server_name>
2. Transferring Ownership of Database Objects to the Liquibase Enterprise User
You must either log in as a superuser or the object owner to transfer ownership.
- Make the current owner a member of the Liquibase Enterprise user role.
Log in as a superuser or the Liquibase Enterprise user and grant membership:
GRANT "datical_user" to "current_owner";
- Transfer ownership of database objects.
To transfer ownership of a schema:
ALTER SCHEMA "schema_name" OWNER TO "datical_user";
To transfer ALL objects on a database to another user:
REASSIGN OWNED BY "current_owner" TO "datical_user";
To transfer a single object on a database to another user, please refer to the appropriate ALTER statement for that object type in the Postgres documentation.
Limitations
Function Type Support On Cloud Environments
This is general information about Amazon support for these functions. The user with the highest level of permissions on Aurora/RDS (rds_superuser) does not have the capability to create certain functions. This is the case whether you are using Liquibase Enterprise or not!
Function Type | Community Edition | Cloud (Aurora/RDS) |
---|---|---|
query language functions | ||
procedural language functions (TRUSTED) | ||
procedural language functions (UNTRUSTED) | ||
internal functions | ||
C-language functions |
Copyright © Liquibase 2012-2022 - Proprietary and Confidential