From 0bd574cb5c891a53eeeedcfd64f6b999f4063bf7 Mon Sep 17 00:00:00 2001 From: Paul Trowbridge Date: Thu, 8 Nov 2018 22:38:11 -0500 Subject: [PATCH] add postgres folder and script to create user --- .tmux.md.swp | Bin 0 -> 12288 bytes pgbadger.md => postgres/pgbadger.md | 0 postgres.md => postgres/postgres.md | 58 +++++++------- .../postgres_features.md | 72 +++++++++--------- postgres/psql.md | 1 + user.sql | 37 +++++++++ 6 files changed, 103 insertions(+), 65 deletions(-) create mode 100644 .tmux.md.swp rename pgbadger.md => postgres/pgbadger.md (100%) rename postgres.md => postgres/postgres.md (95%) rename postgres_features.md => postgres/postgres_features.md (97%) create mode 100644 postgres/psql.md create mode 100644 user.sql diff --git a/.tmux.md.swp b/.tmux.md.swp new file mode 100644 index 0000000000000000000000000000000000000000..57d60d9761d60c0e8669870a1eaa83e35f6fd04b GIT binary patch literal 12288 zcmeI2J!=#}7{{O3C%zRDt1%)dN3!Qd6N@vL#7596oJ~No*`4zSXJ43^%bsbh1ko>H zWn-y+0xSIlehNQ=_}{%fj72a-3IqRvAM^6e^UUyrEtcK=?$bw4)V-Cipj{Ao{r1D| z+QJq2H77E(S_f}Zz22*%$F|L#!OpS4BY`N(LzF}Vubq#Y;?ct*8D}~VKFW)reH60s zWF0AIjo@DaQLWAF^DgEep$+yV7@J-|i- zG(ZD1Km#;D12jMbG(ZD1@LwCK|I=1+2yrq}%RzP3{n;!O%4_dUk*lsW+pI^_8XxKa z*1e=yNOhCk?v>?#HfgtdkqY^V({a$MGI?55sBCo->O)IcWMz=#&z4+Q?Y5JgGA)Qh zwu7^stxkW_xuV)YIfvUHYMEg8!dR=yIM;HBSr$)BhESB5yctYG{Xw}A^&jhDsIz@# z0%X-mUY6>G(wflB)xNexB{%+FbmsXeoaDySlCrlQtm|y;sTd*-4CHu~6j>JMslp%j V?xnh!#MbImg^`9PJv5VB@*DX~wx<99 literal 0 HcmV?d00001 diff --git a/pgbadger.md b/postgres/pgbadger.md similarity index 100% rename from pgbadger.md rename to postgres/pgbadger.md diff --git a/postgres.md b/postgres/postgres.md similarity index 95% rename from postgres.md rename to postgres/postgres.md index eb20069..19c05ac 100644 --- a/postgres.md +++ b/postgres/postgres.md @@ -1,29 +1,29 @@ -setup for single sign on with [SSPI](https://wiki.postgresql.org/wiki/Configuring_for_single_sign-on_using_SSPI_on_Windows) - -md5 hash is salted with username in front - - -Memory -========================================================= -see whats in the buffer cache with pg_buffercache - -`CREATE EXTENSION pg_buffercache` - -``` -SELECT - c.relname, - COUNT(*) AS buffers -FROM - pg_class c -INNER JOIN pg_buffercache b ON - b.relfilenode = c.relfilenode -INNER JOIN pg_database d ON - ( b.reldatabase = d.oid - AND d.datname = CURRENT_DATABASE()) -GROUP BY - c.relname -ORDER BY - 2 DESC -LIMIT 100; -``` - +setup for single sign on with [SSPI](https://wiki.postgresql.org/wiki/Configuring_for_single_sign-on_using_SSPI_on_Windows) + +md5 hash is salted with username in front + + +Memory +========================================================= +see whats in the buffer cache with pg_buffercache + +`CREATE EXTENSION pg_buffercache` + +``` +SELECT + c.relname, + COUNT(*) AS buffers +FROM + pg_class c +INNER JOIN pg_buffercache b ON + b.relfilenode = c.relfilenode +INNER JOIN pg_database d ON + ( b.reldatabase = d.oid + AND d.datname = CURRENT_DATABASE()) +GROUP BY + c.relname +ORDER BY + 2 DESC +LIMIT 100; +``` + diff --git a/postgres_features.md b/postgres/postgres_features.md similarity index 97% rename from postgres_features.md rename to postgres/postgres_features.md index 2b6ffb3..8135f38 100644 --- a/postgres_features.md +++ b/postgres/postgres_features.md @@ -1,36 +1,36 @@ -Version 10 Features -=================== - -Auto Logging [blog](http://databasedoings.blogspot.com/2017/07/cool-stuff-in-postgresql-10-auto-logging.html) - -Transition Tables [blog](http://databasedoings.blogspot.com/2017/07/cool-stuff-in-postgresql-10-transition.html) - -Correlated Columns Query Plan [blog](https://blog.2ndquadrant.com/pg-phriday-crazy-correlated-column-crusade/) - -Native Partitioning - -Logical Replication - -Add a version of jsonb's delete operator that takes an array of keys to delete (Magnus Hagander) - -Make json_populate_record() and related functions process JSON arrays and objects recursively (Nikita Glukhov) - -Identity Columns [blog](https://blog.2ndquadrant.com/postgresql-10-identity-columns/) - -Add view pg_hba_file_rules to display the contents of pg_hba.conf (Haribabu Kommi) - -Add XMLTABLE function that converts XML-formatted data into a row set (Pavel Stehule, Álvaro Herrera) - - -Security -=================== - -LDAP & Active Directory [blog](https://www.openscg.com/2017/07/setting-up-ldap-with-active-directory-in-postgresql/) - -Add SCRAM-SHA-256 support for password negotiation and storage (Michael Paquier, Heikki Linnakangas) - - -Monitoring -==================== - -file system info - [pg_stat_kcache](https://rjuju.github.io/postgresql/2018/07/17/pg_stat_kcache-2-1-is-out.html) +Version 10 Features +=================== + +Auto Logging [blog](http://databasedoings.blogspot.com/2017/07/cool-stuff-in-postgresql-10-auto-logging.html) + +Transition Tables [blog](http://databasedoings.blogspot.com/2017/07/cool-stuff-in-postgresql-10-transition.html) + +Correlated Columns Query Plan [blog](https://blog.2ndquadrant.com/pg-phriday-crazy-correlated-column-crusade/) + +Native Partitioning + +Logical Replication + +Add a version of jsonb's delete operator that takes an array of keys to delete (Magnus Hagander) + +Make json_populate_record() and related functions process JSON arrays and objects recursively (Nikita Glukhov) + +Identity Columns [blog](https://blog.2ndquadrant.com/postgresql-10-identity-columns/) + +Add view pg_hba_file_rules to display the contents of pg_hba.conf (Haribabu Kommi) + +Add XMLTABLE function that converts XML-formatted data into a row set (Pavel Stehule, Álvaro Herrera) + + +Security +=================== + +LDAP & Active Directory [blog](https://www.openscg.com/2017/07/setting-up-ldap-with-active-directory-in-postgresql/) + +Add SCRAM-SHA-256 support for password negotiation and storage (Michael Paquier, Heikki Linnakangas) + + +Monitoring +==================== + +file system info - [pg_stat_kcache](https://rjuju.github.io/postgresql/2018/07/17/pg_stat_kcache-2-1-is-out.html) diff --git a/postgres/psql.md b/postgres/psql.md new file mode 100644 index 0000000..568ac48 --- /dev/null +++ b/postgres/psql.md @@ -0,0 +1 @@ +use -E to show definitions of SQL used for \d commands \ No newline at end of file diff --git a/user.sql b/user.sql new file mode 100644 index 0000000..e43a361 --- /dev/null +++ b/user.sql @@ -0,0 +1,37 @@ +DROP USER IF EXISTS salesreader; + +CREATE ROLE salesreader WITH + LOGIN + NOSUPERUSER + NOCREATEDB + NOCREATEROLE + INHERIT + NOREPLICATION + CONNECTION LIMIT -1 + ENCRYPTED PASSWORD 'md5b66677418e59ca921c20ff40534685a7'; + +--------------------grant-------------------------------------------------- + +GRANT USAGE ON SCHEMA rlarp TO salesreader; + +GRANT SELECT /*, UPDATE, INSERT, DELETE*/ ON ALL TABLES IN SCHEMA rlarp TO salesreader; + +GRANT USAGE ON ALL SEQUENCES IN SCHEMA rlarp TO salesreader; + +ALTER DEFAULT PRIVILEGES IN SCHEMA rlarp GRANT SELECT/*, UPDATE, INSERT, DELETE*/ ON TABLES TO salesreader; + +ALTER DEFAULT PRIVILEGES IN SCHEMA rlarp GRANT USAGE ON SEQUENCES TO salesreader; + +---------------------------revoke--------------------------------------- + +REVOKE USAGE ON SCHEMA tps FROM salesreader; + +REVOKE USAGE ON SCHEMA rlarp FROM salesreader; + +REVOKE SELECT /*, UPDATE, INSERT, DELETE*/ ON ALL TABLES IN SCHEMA rlarp FROM salesreader; + +REVOKE USAGE ON ALL SEQUENCES IN SCHEMA rlarp FROM salesreader; + +ALTER DEFAULT PRIVILEGES IN SCHEMA rlarp REVOKE SELECT/*, UPDATE, INSERT, DELETE*/ ON TABLES FROM salesreader; + +ALTER DEFAULT PRIVILEGES IN SCHEMA rlarp REVOKE USAGE ON SEQUENCES FROM salesreader; \ No newline at end of file