From 73bde32a37fcd4b57cf70c15c92037a3ccdf9427 Mon Sep 17 00:00:00 2001 From: "Karl O. Pinc kop@karlpinc.com" Date: Fri, 14 Feb 2025 18:30:44 +0000 Subject: [PATCH] Detail what roles to use to create various types of logins --- doc/src/architecture/logins.m4 | 69 ++++++++++++++++++++++++---------- 1 file changed, 49 insertions(+), 20 deletions(-) diff --git a/doc/src/architecture/logins.m4 b/doc/src/architecture/logins.m4 index 48c72b0..1b046ec 100644 --- a/doc/src/architecture/logins.m4 +++ b/doc/src/architecture/logins.m4 @@ -80,26 +80,6 @@ Superusers have permission to do anything with a database. As with the Unix ``root`` user, there should usually be only a single PostgreSQL_ role with superuser privileges.\ [#f1]_ -.. _creating_administrators: - -Creating Administrators -''''''''''''''''''''''' - -When creating administrative users, use, as the "administrative user", -a role that will always exist. -Don't use a role belonging to a person but a role such as the default -PostgreSQL superuser. -(You `must` use the default PostgreSQL_ superuser when you do not have -a PostgreSQL_ role that can login and create groups.) -If you do not use a role that always exists, then when the creating -role is dropped the created role will lose part of its administrative -privilege and will no longer be able to use the SokweDB tools to -create users. - -Hint: Use Unix privilege escalation techniques to execute the SokweDB -command line tool in an environment that gives the tool access to the -PostgreSQL_ superuser. - .. _developers: Developers @@ -123,6 +103,55 @@ change the database's structure, rule validation, and so forth. Developers are expected to have ordinary logins, for use when interacting with database content. +.. _creating_logins: + +Creating Logins +``````````````` + +Creating (and destroying) logins is best done using the SokweDB +supplied tools. They take care of the relatively complex task of +controlling permission management to prevent removal of permissions +from logins created by another login that is later deleted. + +.. _creating_administrators: + +Creating Administrators +''''''''''''''''''''''' + +When creating administrative users connect to the database using an +"administrative user". +This is a role designated as such, with elevated permissions, which +will always exist. +Don't use a role belonging to a person but a role such as the bootstrap +PostgreSQL superuser. +(You `must` use the bootstrap PostgreSQL_ superuser when you do not have +a PostgreSQL_ role that can login and create groups.) +If you do not use a role that always exists, then when the creating +role is dropped the created role will lose part of its administrative +privilege and will no longer be able to use the PRIMEDB tools to +create users. + +Hint: Use Unix privilege escalation techniques to execute the SokweDB +command line tool in an environment that gives the tool access to the +PostgreSQL_ superuser. + +.. _creating_non-administrative_logins: + +Creating Non-Administrative Logins +'''''''''''''''''''''''''''''''''' + +Creating logins that are not administrative logins, logins for +developers or regular users, should be done using a regular +administrative login. +(Don't use an "administrative user" such as the bootstrap PostgreSQL_ +superuser.) + +The logins which should be used, when managing logins or at other +times, are those assigned per-person, for each person's use. +This includes the per-person administrative logins and the system's +design assumes that the per-person administrative logins will be used +to for login management. + .. rubric:: Footnotes .. [#f1] In environments where the PostgreSQL_ database is hosted and managed -- 2.34.1