The programs in this section are of use to the administrators that manage the system. These programs require login be done using a username having administrative authority. These programs automatically logout upon completion; usernames and passwords must be re-entered each invocation.
The Add_User program provides a convenient way to add
database users, users who have access to the database. This
program is something of a non-essential convenience, as it's
possible to do everything the Add_User program does with SQL
statements. Add_User provides a convenient web interface which
adds a user, constructs an initial password, creates a private
schema for the user in both the gombemi and
the gombemi_test databases, and gives the new
user appropriate permissions to database content.
Every person should have their own username. Usernames (and passwords) should never be shared.
Either ordinary database usernames
or administrative
usernames may be created. Ordinary usernames have either
read-only access to the gombemi schema or
read/write access to the gombemi schema.
Ordinary users always have read/write access to their own
private schemas. For further information see:
Roles and Database Permissions
Only administrative logins (administrative users) can create new users.
Passwords should not be known to anyone but the person to whom the username belongs. Once given the initial password by the administrator who created the username, the person receiving the new username/password should immediately replace the password by one of their own choosing. This can be done with phpPgAdmin or manually via the ALTER ROLE SQL statement.
People who have administrative privileges to the database should have separate usernames for ordinary and administrative use. Ordinary use of the database should be done with a non-administrative login to avoid the risk of accidental database destruction.[77]
Administrative users have the permissions necessary to do great damage. Enable those permissions only at need.
All usernames are created in lower case. Leading and trailing spaces are removed.
When a new username is created the program generates a password and reports the generated password. If the generated password is lost a new password must be manually assigned to the user in phpPgAdmin.
Reassignment of a
username's database role (whether
the username is a member of gombemi_readers
or gombemi_editors) can be done either with
the SQL GRANT ROLE and DROP ROLE
statements or via the administrative facilities of
phpPgAdmin.[78]
The Copy_Schema program copies schemas between databases. The schema and all it's content is copied. Permissions are preserved.
An administrative login must be used to copy a schema between databases.
The Copy_Schema interface has 2 checkboxs that control it's behavior:
Copy_Schema will not copy a schema on top of an existing schema of the same name, destroying the original schema in the target database, unless explicitly asked to do so.
Copy_Schema will not alter
the gombemi database, potentially
destroying production data, unless explicitly asked to do
so.
It can take some time, depending on the size of the schema to copy and the size of the target database, to copy a schema. Expect execution times that may be in the 10s of minutes.
The Copy_Schema program performs a VACUUM ANALYZE on the target database, which contributes to the amount of time it takes to perform the copy.
[77] You know the rule: “With great power comes great responsibility.”
[78] Either way the operation must be performed by an Administrative user.