If a similar information set needs to be regularly obtained from the Smarts NCM PostgreSQL Control Database, a user account with read-only privileges on the tables containing the target data should be created for that purpose. The following sections provide instructions to:
Creating a read-only user account To create a read-only user account with appropriate privileges, the following tasks must be completed:
-
The user account must be created.
-
The default_transaction_read_only flag on the new user account must be set.
-
The account must be granted connect privileges to the database.
-
The account must be granted usage privileges on the schema containing the tables to which the user will be given read-only access.
-
The account must be granted specific select privileges on each table the user will be allowed read-only access to.
-
All queries run by the read-only access user must refer to the table and its schema in <schema name>.<table name> format.
Example:
If there were a need to list all virtual device names along with which workspace they belong to, you would run the following query (note that the table names are expressed in <schema name>.<table name> format as would be required for the query to run successfully if logged in as a read-only user):
SELECT
device_name,
workspace_name
FROM
voyence.cm_device
JOIN
voyence.cm_design_workspace
ON
cm_device.design_workspace_id = cm_design_workspace.design_workspace_id;
This query references both the cm_device and cm_design_workspace tables in the voyence schema inside the voyencdedb database.
Adjusting the account privileges to read the databaseTo create a read-only user account with sufficient privileges to run the above query, the following commands would need to be run while logged into the database as the voyence user.
CREATE ROLE read_only_user WITH LOGIN PASSWORD 'changeme'; ALTER USER read_only_user SET default_transaction_read_only = on; GRANT CONNECT ON DATABASE voyencedb TO read_only_user; GRANT USAGE ON SCHEMA voyence TO read_only_user; GRANT SELECT ON cm_device TO read_only_user; GRANT SELECT ON cm_design_workspace TO read_only_user; Removing the read-only user accountOnce a user account is no longer needed, it should be removed from the database. To accomplish this, the account permissions must first be removed from the account in order of dependency (typically table, then schema, then database). For example, to remove the user account added in the previous example, the following commands would be run while logged into the 'voyencedb' database as user 'voyence':
REVOKE SELECT ON cm_device FROM read_only_user; REVOKE USAGE ON SCHEMA voyence FROM read_only_user; REVOKE CONNECT ON DATABASE voyencedb FROM read_only_user; DROP USER read_only_user;