AD(Active Directory) groups concepts in postgres
Hi All,
Can we use AD(Active Directory) groups concepts in postgres as we are using
this concepts in SQL server.
So, is there any possible to work with AD groups such as (IT-DBA,
IT-APPS..etc ) in postgresql.
-Pawan
<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi Pawan,<br>
<br>
Il 02/02/2017 16:49, PAWAN SHARMA ha scritto:<br>
</div>
<blockquote
cite="mid:CAPgXFMTcNYvha0d2gjR7r=Nm9VAirzg-uJHVT_pezN4SoM_zqw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div class="gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>Hi All,</div>
</div>
</div>
</div>
</div>
<div><br>
</div>
<div>Can we use AD(Active Directory) groups concepts
in postgres as we are using this concepts in SQL
server.</div>
<div><br>
</div>
<div>So, is there any possible to work with AD groups
such as (IT-DBA, IT-APPS..etc ) in postgresql.</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
Like this?<br>
<a class="moz-txt-link-freetext" href="https://wiki.postgresql.org/wiki/LDAP_Authentication_against_AD">https://wiki.postgresql.org/wiki/LDAP_Authentication_against_AD</a><br>
<br>
Cheers<br>
Moreno<br>
<br>
<blockquote
cite="mid:CAPgXFMTcNYvha0d2gjR7r=Nm9VAirzg-uJHVT_pezN4SoM_zqw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div class="gmail_signature" data-smartmail="gmail_signature">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div><br>
</div>
<div>-Pawan</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<p><br>
</p>
</body>
</html>
On 2/2/2017 8:24 AM, Moreno Andreo wrote:
Can we use AD(Active Directory) groups concepts in postgres as we are
using this concepts in SQL server.So, is there any possible to work with AD groups such as (IT-DBA,
IT-APPS..etc ) in postgresql.Like this?
https://wiki.postgresql.org/wiki/LDAP_Authentication_against_AD
that handles authentication, but AFAIK, postgresql has no concept of
Active Directory groups, only group roles defined within the postgres
server. even if you're using AD for authentication, you still have
to create roles in postgresql, and put these roles in groups.
--
john r pierce, recycling bits in santa cruz
On Fri, Feb 3, 2017 at 12:08 AM, John R Pierce <pierce@hogranch.com> wrote:
On 2/2/2017 8:24 AM, Moreno Andreo wrote:
Can we use AD(Active Directory) groups concepts in postgres as we are
using this concepts in SQL server.So, is there any possible to work with AD groups such as (IT-DBA,
IT-APPS..etc ) in postgresql.Like this?
https://wiki.postgresql.org/wiki/LDAP_Authentication_against_ADthat handles authentication, but AFAIK, postgresql has no concept of
Active Directory groups, only group roles defined within the postgres
server. even if you're using AD for authentication, you still have to
create roles in postgresql, and put these roles in groups.--
john r pierce, recycling bits in santa cruz
Thanks John,
So, We need to follow below steps in such case:
1: Create User
2:Create group
3:Alter Group Add/Remove User's......????????
On 2/2/2017 11:09 AM, PAWAN SHARMA wrote:
1: Create User
2:Create group
3:Alter Group Add/Remove User's......????????
create user user1;
create user user2;
create group group1;
grant group1 to user1, user2;
in fact in postgres, both users and groups are roles, the only
distinction is in how they are used. CREATE USER xxxx is exactly the
same as CREATE ROLE xxxx WITH LOGIN;
--
john r pierce, recycling bits in santa cruz
On Fri, Feb 3, 2017 at 12:47 AM, John R Pierce <pierce@hogranch.com> wrote:
On 2/2/2017 11:09 AM, PAWAN SHARMA wrote:
1: Create User
2:Create group
3:Alter Group Add/Remove User's......????????create user user1;
create user user2;
create group group1;
grant group1 to user1, user2;in fact in postgres, both users and groups are roles, the only distinction
is in how they are used. CREATE USER xxxx is exactly the same as CREATE
ROLE xxxx WITH LOGIN;--
john r pierce, recycling bits in santa cruz
Hi John
For testing i have created
1:create user user1;
2:create user user2;
3:create group dba_group;
4:grant dba_group to user1;
5:ALTER group dba_group
CREATEDB
CREATEROLE;
but still user1 don't have createdb and createrole privilege, even he is
assigned to dba_group which having both the privileges..?
.
On 2/2/2017 12:13 PM, PAWAN SHARMA wrote:
For testing i have created > > 1:create user user1; 2:create user user2; 3:create group
dba_group; > 4:grant dba_group to user1; 5:ALTER group dba_group
CREATEDB > CREATEROLE; > > > but still user1 don't have createdb and
createrole privilege, even he > is assigned to dba_group which having
both the privileges..?
those sorts of attributes don't inherit with role membership. role
membership affects table access rights and such. you have read the
documentation on this, yes? see the note on
https://www.postgresql.org/docs/current/static/sql-createrole.html where
it says...
The INHERIT attribute governs inheritance of grantable privileges
(that is, access privileges for database objects and role
memberships). It does not apply to the special role attributes set
by CREATE ROLE and ALTER ROLE. For example, being a member of a role
with CREATEDB privilege does not immediately grant the ability to
create databases, even if INHERIT is set; it would be necessary to
become that role via SET ROLE before creating a database.
--
john r pierce, recycling bits in santa cruz