Centralising Authorization in PostgreSQL
Experimenting with LDAP synchronization
Structure of this talk…
• A summary of my experience with implementing a simple form of Centralized Authorisation
• A step by step approach
Authentication versus Authorisation
PostgreSQL LDAP Authentication
ldap ldapserver=servername.ad.company.au ldaptls=1 ldapbasedn="ou=AU,dc=ad,dc=company,dc=au" ldapbinddn="cn=Gary Evans,ou=consultant,ou=ThirdParty Contractors,ou=Users,ou=AU,dc=ad,dc=corelogic,dc=asia" ldapbindpasswd="<the password>" ldapsearchattribute=sAMAccountName
Benefits of a centralized approach
• Single point of control of database users
• Adding a user can be done by help desk
• Less error prone
Synchronisation Approach
[Diagram: a server hosting the StarOne database, with the database roles postgres, Andrew Smith, Bob Brown, Jenny Reid and Julie Benson holding privileges on it.]
ldapsearch -Z -LLL -h ldapservername -D gevans@ldapservername -w password \
  -b dc=ad,dc=companyname,dc=aus \
  '(&(objectClass=user)(memberOf=CN='"${ADRow[0]}"',OU=SQL,OU=Groups,OU=AU,DC=ad,DC=companyname,DC=aus))' \
  sAMAccountName |
  sed -e 's/sAMAccountName: \([a-zA-Z]*\)/\1/;tx;d;:x'
Synchronisation Approach
[Diagram: the directory groups DB_Report, DB_Admin and DB_Analysts with their members (Andrew Smith, Bob Brown, Jenny Reid, Julie Benson, Annette Huntly, Paul Brown) on one side; on the other, the database server with the AppOne and StarOne databases and the roles postgres, Andrew Smith, Bob Brown, Jenny Reid, Julie Benson, Annette Huntly and Paul Brown.]
ID  Hostname   Dbname   ADGroup      Dbrole      Enabled  CRUD
1   Serverone  AppOne   DB_Report    Read_only   True     F,T,F,F
2   Serverone  StarOne  DB_Report    Reporting   True     F,T,T,F
3   Serverone  AppOne   DB_Admin     Admin_user  True     T,T,T,T
4   Serverone  StarOne  DB_Analysts  Analyst     True     F,T,F,F
# For every enabled AD group mapped to this host ...
${PSQL} ${DBMONITOR//HOST/localhost}/schemaname -qtAX --field-separator ' ' \
  -c "SELECT distinct adgroup FROM mapping WHERE enabled = true and hostname='${hostname}'" |
while read -a ADRow ; do
  # ... list the group's members in the directory, one sAMAccountName per line
  for adname in $(ldapsearch -Z -LLL -h ldapservername -D gevans@ldapservername -w password \
      -b dc=ad,dc=companyname,dc=aus \
      '(&(objectClass=user)(memberOf=CN='"${ADRow[0]}"',OU=SQL,OU=Groups,OU=AU,DC=ad,DC=companyname,DC=aus))' \
      sAMAccountName | sed -e 's/sAMAccountName: \([a-zA-Z]*\)/\1/;tx;d;:x')
  do
    # Create a login role for the member on the target server
    ${PSQL} ${PGMONITOR//HOST/$hostname}/schemaname -qtAX --field-separator ' ' \
      -c "CREATE ROLE ${adname} with LOGIN;"
    # Grant every database role that the mapping table assigns to this AD group
    ${PSQL} ${PGMONITOR//HOST/localhost}/schemaname -qtAX --field-separator ' ' \
      -c "SELECT distinct dbrole FROM mapping where enabled = true and hostname='${hostname}' and adgroup = '${ADRow[0]}'" |
    while read -a DBRRow ; do
      ${PSQL} ${PGMONITOR//HOST/$hostname}/performance -qtAX --field-separator ' ' \
        -c "GRANT ${DBRRow} TO ${adname};"
    done
  done
done
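The loop above interpolates directory values straight into CREATE ROLE and GRANT, and its sed expression lets through whatever follows the leading letters of a sAMAccountName. As an added example (not part of the original slides), the script below parses constructed ldapsearch output, accepts only names that fit an assumed whitelist, and emits quoted statements; the function names, the whitelist policy and the sample LDIF are all hypothetical.

```shell
#!/bin/sh
# Added example: build CREATE ROLE / GRANT statements from ldapsearch output
# without interpolating unchecked directory values into SQL.
LC_ALL=C; export LC_ALL   # byte-wise character ranges in patterns and tr

# Constructed sample of `ldapsearch -LLL ... sAMAccountName` output.
sample_ldif() {
  cat <<'EOF'
dn: CN=Andrew Smith,OU=Users,OU=AU,DC=ad,DC=companyname,DC=aus
sAMAccountName: asmith

dn: CN=Bob Brown,OU=Users,OU=AU,DC=ad,DC=companyname,DC=aus
sAMAccountName: Bob.Brown

dn: CN=Paul Brown,OU=Users,OU=AU,DC=ad,DC=companyname,DC=aus
sAMAccountName: paul brown

dn: CN=Jenny Reid,OU=Users,OU=AU,DC=ad,DC=companyname,DC=aus
sAMAccountName:: amVubnk=
EOF
}

# Print the whole value of each plain sAMAccountName line from LDIF on stdin.
# Base64-encoded values ("::") are reported on stderr and skipped, not decoded.
ldif_accounts() {
  awk '
    /^sAMAccountName:: / { print "skipped base64 value: " $2 > "/dev/stderr"; next }
    /^sAMAccountName: /  { sub(/^sAMAccountName: /, ""); print }
  '
}

# Assumed policy: a letter or underscore first, then letters, digits, "_", "."
# or "-", at most 63 bytes (PostgreSQL's identifier length limit).
is_safe_role() {
  case "$1" in
    ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    [A-Za-z_]*) [ "${#1}" -le 63 ] ;;
    *) return 1 ;;
  esac
}

# Quote a validated name as an SQL identifier. It is folded to lower case first,
# as PostgreSQL does for unquoted identifiers, so the quoted name resolves to
# the same role an unquoted statement would.
quote_ident() {
  printf '"%s"' "$(printf '%s' "$1" | tr 'A-Z' 'a-z')"
}

# Usage: ldapsearch ... | sync_sql <dbrole>
# Writes SQL for every acceptable account to stdout, rejections to stderr.
sync_sql() {
  if ! is_safe_role "$1"; then
    echo "refusing unsafe database role: $1" >&2
    return 1
  fi
  role_sql=$(quote_ident "$1")
  ldif_accounts | while IFS= read -r account; do
    if is_safe_role "$account"; then
      member_sql=$(quote_ident "$account")
      printf 'CREATE ROLE %s LOGIN;\n' "$member_sql"
      printf 'GRANT %s TO %s;\n' "$role_sql" "$member_sql"
    else
      echo "rejected account name: $account" >&2
    fi
  done
}

# Demo on the constructed sample, using the Dbrole from row 1 of the mapping table.
sample_ldif | sync_sql Read_only
```

In the page's loop, the ldapsearch output would be piped into sync_sql with the dbrole read from the mapping table, and the resulting statements passed to psql.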
Synchronisation Approach
[Diagram: the same groups, members and databases, with the roles now listed as Postgres (SU), appOneOwner (SU) and StarOneOwner (SU) followed by the six member roles; the AppOne and StarOne databases each carry an "Owner" label.]
[Diagram: the roles list additionally contains DB_Report (NL), DB_Admin (NL) and DB_Analysts (NL), matching the directory groups, and a "Role inheritance" label connects them to the member roles.]
Existing tool
Pg-ldap-sync

PGConf APAC 2018 - Lightning Talk #2 - Centralizing Authorization in PostgreSQL

Agentic Automation - Delhi UiPath Community MeetupAgentic Automation - Delhi UiPath Community Meetup
Agentic Automation - Delhi UiPath Community Meetup
Manoj Batra (1600 + Connections)
 
Integrating FME with Python: Tips, Demos, and Best Practices for Powerful Aut...
Integrating FME with Python: Tips, Demos, and Best Practices for Powerful Aut...Integrating FME with Python: Tips, Demos, and Best Practices for Powerful Aut...
Integrating FME with Python: Tips, Demos, and Best Practices for Powerful Aut...
Safe Software
 
Viam product demo_ Deploying and scaling AI with hardware.pdf
Viam product demo_ Deploying and scaling AI with hardware.pdfViam product demo_ Deploying and scaling AI with hardware.pdf
Viam product demo_ Deploying and scaling AI with hardware.pdf
camilalamoratta
 
AI 3-in-1: Agents, RAG, and Local Models - Brent Laster
AI 3-in-1: Agents, RAG, and Local Models - Brent LasterAI 3-in-1: Agents, RAG, and Local Models - Brent Laster
AI 3-in-1: Agents, RAG, and Local Models - Brent Laster
All Things Open
 
Artificial_Intelligence_in_Everyday_Life.pptx
Artificial_Intelligence_in_Everyday_Life.pptxArtificial_Intelligence_in_Everyday_Life.pptx
Artificial_Intelligence_in_Everyday_Life.pptx
03ANMOLCHAURASIYA
 
Unlocking Generative AI in your Web Apps
Unlocking Generative AI in your Web AppsUnlocking Generative AI in your Web Apps
Unlocking Generative AI in your Web Apps
Maximiliano Firtman
 
Q1 2025 Dropbox Earnings and Investor Presentation
Q1 2025 Dropbox Earnings and Investor PresentationQ1 2025 Dropbox Earnings and Investor Presentation
Q1 2025 Dropbox Earnings and Investor Presentation
Dropbox
 
Top 5 Benefits of Using Molybdenum Rods in Industrial Applications.pptx
Top 5 Benefits of Using Molybdenum Rods in Industrial Applications.pptxTop 5 Benefits of Using Molybdenum Rods in Industrial Applications.pptx
Top 5 Benefits of Using Molybdenum Rods in Industrial Applications.pptx
mkubeusa
 
How to Install & Activate ListGrabber - eGrabber
How to Install & Activate ListGrabber - eGrabberHow to Install & Activate ListGrabber - eGrabber
How to Install & Activate ListGrabber - eGrabber
eGrabber
 
Optima Cyber - Maritime Cyber Security - MSSP Services - Manolis Sfakianakis ...
Optima Cyber - Maritime Cyber Security - MSSP Services - Manolis Sfakianakis ...Optima Cyber - Maritime Cyber Security - MSSP Services - Manolis Sfakianakis ...
Optima Cyber - Maritime Cyber Security - MSSP Services - Manolis Sfakianakis ...
Mike Mingos
 
Everything You Need to Know About Agentforce? (Put AI Agents to Work)
Everything You Need to Know About Agentforce? (Put AI Agents to Work)Everything You Need to Know About Agentforce? (Put AI Agents to Work)
Everything You Need to Know About Agentforce? (Put AI Agents to Work)
Cyntexa
 
An Overview of Salesforce Health Cloud & How is it Transforming Patient Care
An Overview of Salesforce Health Cloud & How is it Transforming Patient CareAn Overview of Salesforce Health Cloud & How is it Transforming Patient Care
An Overview of Salesforce Health Cloud & How is it Transforming Patient Care
Cyntexa
 
Challenges in Migrating Imperative Deep Learning Programs to Graph Execution:...
Challenges in Migrating Imperative Deep Learning Programs to Graph Execution:...Challenges in Migrating Imperative Deep Learning Programs to Graph Execution:...
Challenges in Migrating Imperative Deep Learning Programs to Graph Execution:...
Raffi Khatchadourian
 
Zilliz Cloud Monthly Technical Review: May 2025
Zilliz Cloud Monthly Technical Review: May 2025Zilliz Cloud Monthly Technical Review: May 2025
Zilliz Cloud Monthly Technical Review: May 2025
Zilliz
 
The No-Code Way to Build a Marketing Team with One AI Agent (Download the n8n...
The No-Code Way to Build a Marketing Team with One AI Agent (Download the n8n...The No-Code Way to Build a Marketing Team with One AI Agent (Download the n8n...
The No-Code Way to Build a Marketing Team with One AI Agent (Download the n8n...
SOFTTECHHUB
 
AI x Accessibility UXPA by Stew Smith and Olivier Vroom
AI x Accessibility UXPA by Stew Smith and Olivier VroomAI x Accessibility UXPA by Stew Smith and Olivier Vroom
AI x Accessibility UXPA by Stew Smith and Olivier Vroom
UXPA Boston
 
May Patch Tuesday
May Patch TuesdayMay Patch Tuesday
May Patch Tuesday
Ivanti
 
Enterprise Integration Is Dead! Long Live AI-Driven Integration with Apache C...
Enterprise Integration Is Dead! Long Live AI-Driven Integration with Apache C...Enterprise Integration Is Dead! Long Live AI-Driven Integration with Apache C...
Enterprise Integration Is Dead! Long Live AI-Driven Integration with Apache C...
Markus Eisele
 
Mastering Testing in the Modern F&B Landscape
Mastering Testing in the Modern F&B LandscapeMastering Testing in the Modern F&B Landscape
Mastering Testing in the Modern F&B Landscape
marketing943205
 
Integrating FME with Python: Tips, Demos, and Best Practices for Powerful Aut...
Integrating FME with Python: Tips, Demos, and Best Practices for Powerful Aut...Integrating FME with Python: Tips, Demos, and Best Practices for Powerful Aut...
Integrating FME with Python: Tips, Demos, and Best Practices for Powerful Aut...
Safe Software
 
Viam product demo_ Deploying and scaling AI with hardware.pdf
Viam product demo_ Deploying and scaling AI with hardware.pdfViam product demo_ Deploying and scaling AI with hardware.pdf
Viam product demo_ Deploying and scaling AI with hardware.pdf
camilalamoratta
 
AI 3-in-1: Agents, RAG, and Local Models - Brent Laster
AI 3-in-1: Agents, RAG, and Local Models - Brent LasterAI 3-in-1: Agents, RAG, and Local Models - Brent Laster
AI 3-in-1: Agents, RAG, and Local Models - Brent Laster
All Things Open
 
Artificial_Intelligence_in_Everyday_Life.pptx
Artificial_Intelligence_in_Everyday_Life.pptxArtificial_Intelligence_in_Everyday_Life.pptx
Artificial_Intelligence_in_Everyday_Life.pptx
03ANMOLCHAURASIYA
 
Unlocking Generative AI in your Web Apps
Unlocking Generative AI in your Web AppsUnlocking Generative AI in your Web Apps
Unlocking Generative AI in your Web Apps
Maximiliano Firtman
 

PGConf APAC 2018 - Lightening Talk #2 - Centralizing Authorization in PostgreSQL

  • 1. Centralising Authorization in PostgreSQL: Experimenting with LDAP synchronization
  • 2. Structure of this talk…
        - A summary of my experience with implementing a simple form of Centralized Authorisation
        - A step by step approach
  • 3. Authentication versus Authorisation. PostgreSQL LDAP Authentication:
        ldap ldapserver=servername.ad.company.au ldaptls=1 ldapbasedn="ou=AU,dc=ad,dc=company,dc=au" ldapbinddn="cn=Gary Evans,ou=consultant,ou=ThirdParty Contractors,ou=Users, ou=AU,dc=ad,dc=corelogic,dc=asia" ldapbindpasswd="<the password>" ldapsearchattribute=sAMAccountName
  • 4. Benefits of a centralized approach
        - Single point of control of database users
        - Adding a user can be done by help desk
        - Less error prone
  • 6. Synchronisation Approach [diagram labels: Server; StarOne DB; ROLES postgres, Andrew Smith, Bob Brown, Jenny Reid, Julie Benson; privileges]
        # List the sAMAccountName of every user in the AD group named by ${ADRow[0]};
        # sed prints only the attribute values and deletes every other LDIF line.
        ldapsearch -Z -LLL -h ldapservername -D gevans@ldapservername -w password \
          -b dc=ad,dc=companyname,dc=aus \
          '(&(objectClass=user)(memberOf=CN='"${ADRow[0]}"',OU=SQL,OU=Groups,OU=AU,DC=ad,DC=companyname,DC=aus))' \
          sAMAccountName |
          sed -e 's/sAMAccountName: \([a-zA-Z]*\)/\1/;tx;d;:x'
  • 7, 8. Synchronisation Approach [diagram labels: Groups DB_Report, DB_Admin, DB_Analysts; Members lists (Andrew Smith, Bob Brown, Jenny Reid), (Andrew Smith, Julie Benson, Annette Huntly, Paul Brown), (Andrew Smith, Bob Brown, Jenny Reid); Database ROLES postgres, Andrew Smith, Bob Brown, Jenny Reid, Julie Benson, Annette Huntly, Paul Brown; AppOne DB, StarOne DB]
  • 9. Synchronisation Approach [diagram as on slide 7, plus a Server label] Mapping table:
        ID  Hostname   Dbname   ADGroup      Dbrole      Enabled  CRUD
        1   Serverone  AppOne   DB_Report    Read_only   True     F,T,F,F
        2   Serverone  StarOne  DB_Report    Reporting   True     F,T,T,F
        3   Serverone  AppOne   DB_Admin     Admin_user  True     T,T,T,T
        4   Serverone  StarOne  DB_Analysts  Analyst     True     F,T,F,F
        5
  • 10. Synchronisation Approach [diagram and mapping table as on slide 9] Synchronisation script:
        # For every enabled AD group mapped to this host ...
        ${PSQL} ${DBMONITOR//HOST/localhost}/schemaname -qtAX --field-separator ' ' \
          -c "SELECT distinct adgroup FROM mapping WHERE enabled = true and hostname='${hostname}'" |
        while read -a ADRow ; do
          # ... list the group's members in the directory ...
          for adname in $(ldapsearch -Z -LLL -h ldapservername -D gevans@ldapservername -w password \
              -b dc=ad,dc=companyname,dc=aus \
              '(&(objectClass=user)(memberOf=CN='"${ADRow[0]}"',OU=SQL,OU=Groups,OU=AU,DC=ad,DC=companyname,DC=aus))' \
              sAMAccountName | sed -e 's/sAMAccountName: \([a-zA-Z]*\)/\1/;tx;d;:x')
          do
            # ... create a login role for each member on the target host ...
            ${PSQL} ${PGMONITOR//HOST/$hostname}/schemaname -qtAX --field-separator ' ' \
              -c "CREATE ROLE ${adname} with LOGIN;"
            # ... and grant every dbrole the mapping table assigns to the current AD group.
            ${PSQL} ${PGMONITOR//HOST/localhost}/schemaname -qtAX --field-separator ' ' \
              -c "SELECT distinct dbrole FROM mapping where enabled = true and hostname='${hostname}' and adgroup = '${ADRow[0]}'" |
            while read -a DBRRow ; do
              ${PSQL} ${PGMONITOR//HOST/$hostname}/performance -qtAX --field-separator ' ' \
                -c "GRANT ${DBRRow} TO ${adname};"
            done
          done
        done
  • 11. Synchronisation Approach [diagram and mapping table as on slide 9] Synchronisation script:
        # For every enabled AD group mapped to this host ...
        ${PSQL} ${DBMONITOR//HOST/localhost}/schemaname -qtAX --field-separator ' ' \
          -c "SELECT distinct adgroup FROM mapping WHERE enabled = true and hostname='${hostname}'" |
        while read -a ADRow ; do
          # ... list the group's members in the directory ...
          for adname in $(ldapsearch -Z -LLL -h ldapservername -D gevans@ldapservername -w password \
              -b dc=ad,dc=companyname,dc=aus \
              '(&(objectClass=user)(memberOf=CN='"${ADRow[0]}"',OU=SQL,OU=Groups,OU=AU,DC=ad,DC=companyname,DC=aus))' \
              sAMAccountName | sed -e 's/sAMAccountName: \([a-zA-Z]*\)/\1/;tx;d;:x')
          do
            # ... create a login role for each member on the target host ...
            ${PSQL} ${PGMONITOR//HOST/$hostname}/schemaname -qtAX --field-separator ' ' \
              -c "CREATE ROLE ${adname} with LOGIN;"
            # ... and grant every dbrole the mapping table assigns to the current AD group.
            ${PSQL} ${PGMONITOR//HOST/localhost}/performance -qtAX --field-separator ' ' \
              -c "SELECT distinct dbrole FROM mapping where enabled = true and hostname='${hostname}' and adgroup = '${ADRow[0]}'" |
            while read -a DBRRow ; do
              ${PSQL} ${PGMONITOR//HOST/$hostname}/schemaname -qtAX --field-separator ' ' \
                -c "GRANT ${DBRRow} TO ${adname};"
            done
          done
        done
  • 12. Synchronisation Approach [diagram as on slide 7]
  • 13. Synchronisation Approach [diagram as on slide 7, with ROLES now Postgres (SU), appOneOwner (SU), StarOneOwner (SU), Andrew Smith, Bob Brown, Jenny Reid, Julie Benson, Annette Huntly, Paul Brown; AppOne DB and StarOne DB each carry an Owner label]
  • 14, 15, 16. Synchronisation Approach [diagram as on slide 13, with ROLES DB_Report (NL), DB_Admin (NL), DB_Analysts (NL) added; label: Role inheritance]
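
The loop on slides 10 and 11 pastes directory values straight into CREATE ROLE and GRANT, and it never removes a membership once the user leaves the AD group. The sketch below is an added example, not code from the talk: it validates the account names taken from LDIF output and prints the GRANT and REVOKE statements for one dbrole. The function names, the sample LDIF, the `jreid` member and the naming rule (letters, digits, underscore) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the talk): plan role membership from LDIF output
# without ever interpolating an unchecked directory value into SQL.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte-exact

# Succeeds only for plain identifiers: letters, digits, underscore, no leading digit.
valid_ident() {
    case "$1" in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

# LDIF on stdin -> validated account names, one per line, lower-cased the way
# PostgreSQL folds the unquoted names in the slide's CREATE ROLE. Base64 values
# ("sAMAccountName:: ...") do not match the sed pattern and are dropped.
extract_accounts() {
    sed -n 's/^sAMAccountName: //p' | tr 'A-Z' 'a-z' | while IFS= read -r name; do
        if valid_ident "$name"; then printf '%s\n' "$name"
        else printf 'skipped unsafe account: %s\n' "$name" >&2
        fi
    done
}

# Succeeds if word $2 occurs in the whitespace-separated list $1.
in_list() { printf '%s\n' $1 | grep -qxF -- "$2"; }

# $1 = dbrole from the mapping table, $2 = accounts in the AD group,
# $3 = current members of the role in PostgreSQL (both lists validated).
plan_membership() {
    role=$1; want=$2; have=$3
    valid_ident "$role" || { echo "bad role name: $role" >&2; return 1; }
    for u in $want; do
        in_list "$have" "$u" || printf 'GRANT "%s" TO "%s";\n' "$role" "$u"
    done
    for u in $have; do   # in PostgreSQL but no longer in the AD group
        in_list "$want" "$u" || printf 'REVOKE "%s" FROM "%s";\n' "$role" "$u"
    done
}

# Constructed sample input; the DNs and accounts are made up for this example.
sample_ldif() { cat <<'EOF'
dn: CN=Andrew Smith,OU=Users,DC=example,DC=test
sAMAccountName: ASmith

dn: CN=Bob Brown,OU=Users,DC=example,DC=test
sAMAccountName: bbrown

dn: CN=Report Service,OU=Users,DC=example,DC=test
sAMAccountName: svc.report-01
EOF
}

members=$(sample_ldif | extract_accounts)
plan_membership read_only "$members" "bbrown jreid"
```

Accounts that fail validation are reported on stderr and left out of the plan, so a name the directory allows but the rule rejects needs a manual decision rather than a silent CREATE ROLE.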