LogoLogo
  • Overview
  • publisher
    • Introduction
    • Getting Started
      • Logging in to Publisher
    • Data Sources
      • Connecting a Data Source
      • Managing a Data Source
      • Connectors
        • AWS S3 Permissions
        • Connecting to AWS S3 Storage
        • Google Cloud Storage (GCS) Permissions
        • Connecting to Google Cloud Storage
        • PostgreSQL Permissions
        • Connecting to PostgreSQL
        • PostgreSQL on Azure Permissions
        • Microsoft Azure Blob Storage Permissions
        • Connecting to Microsoft Azure Blob Storage
        • Connecting to HTTPS
        • Connecting to other sources via Trino
          • BigQuery
    • Collections
      • Creating a Collection
      • Sharing a Collection
      • Collection Filters
      • Editing Collection Metadata
      • Updating Collection Contents
    • Access Policies
      • Creating an Access Policy
      • Managing Access Policies
    • Questions
      • Adding Questions
      • Example Question
    • Settings
      • Viewing Current and Past Administrators
      • Adding an Administrator
      • Removing an Administrator
      • Setting Notification Preferences
  • Explorer
    • Introduction
    • Viewing a Collection
    • Browsing Collections
    • Asking Questions
    • Accessing a Private Collection
      • Requesting Access to a Private Collection
    • Filtering Data in Tables
      • Strings
      • Dates
      • Numbers
  • Workbench
    • Introduction
    • Getting Started
      • Logging into Workbench
      • Connecting an Engine
      • Finding or Importing a Workflow
      • Configuring Workflow Inputs
      • Running and Monitoring a Workflow
      • Locating Outputs
    • Engines
      • Adding and Updating an Engine
        • On AWS HealthOmics
        • On Microsoft Azure
        • On Google Cloud Platform
        • On Premises
      • Parameters
        • AWS HealthOmics
        • Google Cloud Platform
        • Microsoft Azure
        • On-Premises
        • Cromwell
        • Amazon Genomics CLI
    • Workflows
      • Finding Workflows
      • Adding a Workflow
      • Supported Languages
      • Repositories
        • Dockstore
    • Instruments
      • Getting Started with Instruments
      • Connecting a Storage Account
      • Using Sample Data in a Workflow
      • Running Workflows Using Samples
      • Family Based Analysis with Pedigree Information
      • Monitor the Workflow
      • CLI Reference
        • Instruments
        • Storage
        • Samples
        • OpenAPI Specification
    • Entities
    • Terminology
  • Passport
    • Introduction
    • Registering an Email Address for a Google Identity
  • Command Line Interface
    • Installation
    • Usage Examples
    • Working with JSON Data
    • Reference
      • workbench
        • runs submit
        • runs list
        • runs describe
        • runs cancel
        • runs delete
        • runs logs
        • runs tasks list
        • runs events list
        • engines list
        • engines describe
        • engines parameters list
        • engines parameters describe
        • engines health-checks list
        • workflows create
        • workflows list
        • workflows describe
        • workflows update
        • workflows delete
        • workflows versions create
        • workflows versions list
        • workflows versions describe
        • workflows versions files
        • workflows versions update
        • workflows versions delete
        • workflows versions defaults create
        • workflows versions defaults list
        • workflows versions defaults describe
        • workflows versions defaults update
        • workflows versions defaults delete
        • namespaces get-default
        • storage add
        • storage delete
        • storage describe
        • storage list
        • storage update
        • storage platforms add
        • storage platforms delete
        • storage platforms describe
        • storage platforms list
        • samples list
        • samples describe
        • samples files list
      • publisher
        • datasources list
  • Analysis
    • Python Library
    • Popular Environments
      • Cromwell
      • CWL Tool
      • Terra
      • Nextflow
      • DNAnexus
Powered by GitBook

© DNAstack. All rights reserved.

On this page
  • Concepts
  • Minimal Configuration
  • Create a Role
  • Allow Connection to a Database
  • Allow Role to use Schema
  • Grant Access to One or More Tables
  • Create User and Assign them to Role
  • Limiting View to System Tables

Was this helpful?

  1. publisher
  2. Data Sources
  3. Connectors

PostgreSQL Permissions

PreviousConnecting to Google Cloud StorageNextConnecting to PostgreSQL

Last updated 3 months ago

Was this helpful?

When connecting to PostgreSQL databases, proper permission configuration ensures secure and efficient data access while maintaining database security policies. These permissions define how Publisher can interact with your schemas, tables, and system views through roles and user assignments.

This guide explains the minimum permissions required for PostgreSQL integration, covering role creation, schema access, and table-level permissions.

Concepts

  • Schema: A namespace that contains named database objects such as tables, views, indexes, data types, functions, stored procedures, and operators.

  • Role: A role is an entity that can own database objects and have database privileges. Depending on its use, a role can be considered a "user," "group," or both.

  • User: A user is a role with the ability to log in (the role has the LOGIN attribute).

Minimal Configuration

To perform these operations, you must log in to your as an administrator.

The following will create a role we will use to assign permissions but not log in. It then creates a separate user who can log in and grant them access to all the tables in the target schema (this can be limited to a single table or even a single column within a table).

Create a Role

CREATE ROLE <ROLE_NAME>

Allow Connection to a Database

GRANT CONNECT ON DATABASE <DATABASE> TO <ROLE_NAME>;

Allow Role to use Schema

GRANT USAGE ON SCHEMA <SCHEMA> TO <ROLE_NAME>;

Grant Access to One or More Tables

All Tables in Schema:

GRANT SELECT ON ALL TABLES IN SCHEMA <SCHEMA> TO <ROLE_NAME>;

One Table in Schema:

GRANT SELECT ON <SCHEMA>.<TABLENAME> TO <ROLE_NAME>;

Specific Columns in Schema:

GRANT SELECT ON <SCHEMA>.<TABLENAME> (<COLUMN>,<COLUMN>) TO <ROLE_NAME>;

Create User and Assign them to Role

CREATE USER <USERNAME> WITH PASSWORD <PASSWORD>;
GRANT <ROLE> TO <USERNAME>

Limiting View to System Tables

In PostgreSQL, system tables and schemas are given the default PUBLIC roles when the database is first created. These tables are view-only tables used by Postgres directly and client-side tooling for running queries, accessing object metadata, query planning, auto-complete, etc. Limiting access to these tables is not recommended, and it is generally not considered a security risk to allow users to read access to them. Additionally, since they are views they only represent the set of permissions that the user actually possesses. IE They can only see the metadata for the tables they have permission to read from.

Publisher
PostgreSQL database