hasura/graphql-engine
1
0
Fork 0
mirror of https://github.com/hasura/graphql-engine.git synced 2024-12-15 01:12:56 +03:00
Code Issues Projects Releases Wiki Activity

docs: fix pg requirements page

Browse Source 
Based on these two conversations:
- https://hasurahq.slack.com/archives/C015EA71MU0/p1652417463650649
- https://hasurahq.slack.com/archives/C015EA71MU0/p1652417516799779

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/4500
Co-authored-by: Rikin Kachhia <54616969+rikinsk@users.noreply.github.com>
Co-authored-by: Tirumarai Selvan <8663570+tirumaraiselvan@users.noreply.github.com>
GitOrigin-RevId: 63c3d17ad2be409e52a50df61a6e17a333e50cf0
This commit is contained in:
Marion Schleifer 2022-05-25 15:06:30 +02:00 committed by hasura-bot
parent 41955bf86f
commit 7f13d4380f
1 changed files with 25 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
docs/docs/graphql/core/deployment/postgres-requirements.mdx
View File

@ -16,7 +16,7 @@ sidebar_position: 4
Hasura GraphQL engine supports **Postgres versions 9.5 and above**. Hasura GraphQL engine supports **Postgres versions 9.5 and above**.
### Feature requirements ### Feature wise requirements
- [Hasura actions](/graphql/core/actions/index.mdx) are supported in Postgres 10 and above. - [Hasura actions](/graphql/core/actions/index.mdx) are supported in Postgres 10 and above.
@ -26,35 +26,36 @@ If you're running in a controlled environment, you might need to
configure the Hasura GraphQL engine to use a specific Postgres user that configure the Hasura GraphQL engine to use a specific Postgres user that
your DBA gives you. your DBA gives you.
The Hasura GraphQL engine needs access to your Postgres database with The Hasura GraphQL engine needs access to your Postgres database(s) with
the following permissions. the following permissions. You may have a dedicated metadata database as described
[here](/graphql/core/deployment/graphql-engine-flags/config-examples.mdx#add-metadata-database).
### Metadata Database Permissions: ### Metadata Database Permissions
- (required) Read & write access on the schema `hdb_catalog`.
### User Database Permissions
- (required) Read & write access on 2 schemas: `hdb_catalog`.
- (required) Read access to the `information_schema` and `pg_catalog` - (required) Read access to the `information_schema` and `pg_catalog`
schemas, to query for list of tables. Note that these permissions schemas, to query for list of tables. Note that these permissions
are usually available by default to all postgres users via are usually available by default to all postgres users via
[PUBLIC](https://www.postgresql.org/docs/current/sql-grant.html) [PUBLIC](https://www.postgresql.org/docs/current/sql-grant.html)
grant. grant.
- (required) Read access to the schemas (`public` or otherwise) if you
#### User Database Permissions:
- (required) Read access to the schemas (public or otherwise) if you
only want to support queries. only want to support queries.
- (optional) Write access to the schemas if you want to support - (optional) Write access to the schemas if you want to support
mutations as well. mutations as well.
- (optional) To create tables and views via the Hasura console (the - (optional) To create tables and views via the Hasura console (the
admin UI) you'll need the privilege to create tables/views. This admin UI) you'll need the privilege to create tables/views. This
might not be required when you're working with an existing database. might not be required when you're working with an existing database.
- (required only if event triggers are needed) Read & write access on schema: `hdb_catalog`.
## Different Scenarios: ## Sample scenarios
Following are sample SQL blocks that you can run on your database (as a Following are sample SQL blocks that you can run on your database (as a
**superuser**) to create the right credentials for a sample Hasura user: **superuser**) to create the right credentials for a sample Hasura user:
**1. Different roles to manage** `user database` **and** ### 1. Different roles to manage **metadata database** and **user database**
`metadata database`
```sql ```sql
-- We will create separate users to manage the user database -- We will create separate users to manage the user database
@ -63,20 +64,19 @@ Following are sample SQL blocks that you can run on your database (as a
-- These permissions/grants are required for Hasura to work properly. -- These permissions/grants are required for Hasura to work properly.
-- create a separate user for to manage metadata database -- create a separate user for to manage metadata database
CREATE USER hasura_metadata_user WITH PASSWORD 'hasura_metadata_user'; CREATE USER hasura_metadata_user WITH PASSWORD 'hasura_metadata_user_password';
-- create the schemas required by the hasura system -- create the schemas required by the hasura system
-- NOTE: If you are starting from scratch: drop the below schemas first, if they exist. -- NOTE: If you are starting from scratch: drop the below schemas first, if they exist.
CREATE SCHEMA IF NOT EXISTS hdb_catalog; CREATE SCHEMA IF NOT EXISTS hdb_catalog;
-- make the user an owner of system schemas -- make the user an owner of the schema
ALTER SCHEMA hdb_catalog OWNER TO hasura_metadata_user; ALTER SCHEMA hdb_catalog OWNER TO hasura_metadata_user;
ALTER ROLE hasura_metadata_user SET search_path TO hdb_catalog;
-- grant select permissions on information_schema and pg_catalog. This is -- Hasura needs pgcrypto extension
-- required for hasura to query the list of available tables. -- See section below on pgcrypto in PG search path
-- NOTE: these permissions are usually available by default to all users via PUBLIC grant CREATE EXTENSION IF NOT EXISTS pgcrypto;
GRANT SELECT ON ALL TABLES IN SCHEMA information_schema TO hasura_metadata_user;
GRANT SELECT ON ALL TABLES IN SCHEMA pg_catalog TO hasura_metadata_user;
------------------------------------------------------------------------------ ------------------------------------------------------------------------------
@ -84,6 +84,7 @@ GRANT SELECT ON ALL TABLES IN SCHEMA pg_catalog TO hasura_metadata_user;
CREATE USER hasurauser WITH PASSWORD 'hasurauser'; CREATE USER hasurauser WITH PASSWORD 'hasurauser';
-- create pgcrypto extension, required for UUID -- create pgcrypto extension, required for UUID
-- See section below on pgcrypto in PG search path
CREATE EXTENSION IF NOT EXISTS pgcrypto; CREATE EXTENSION IF NOT EXISTS pgcrypto;
-- The below permissions are optional. This is dependent on what access to your -- The below permissions are optional. This is dependent on what access to your
@ -108,8 +109,7 @@ GRANT ALL ON ALL FUNCTIONS IN SCHEMA public TO hasurauser;
-- GRANT ALL ON ALL FUNCTIONS IN SCHEMA <schema-name> TO hasurauser; -- GRANT ALL ON ALL FUNCTIONS IN SCHEMA <schema-name> TO hasurauser;
``` ```
**2. A single role to manage** `user database` **and** ### 2. A single role to manage metadata and user objects in the **same database**
`metadata database`
```sql ```sql
-- We will create a separate user to grant permissions on hasura-specific -- We will create a separate user to grant permissions on hasura-specific
@ -123,21 +123,18 @@ CREATE USER hasurauser WITH PASSWORD 'hasurauser';
-- NOTE: If you are starting from scratch: drop the below schemas first, if they exist. -- NOTE: If you are starting from scratch: drop the below schemas first, if they exist.
CREATE SCHEMA IF NOT EXISTS hdb_catalog; CREATE SCHEMA IF NOT EXISTS hdb_catalog;
-- make the user an owner of system schemas -- make the user an owner of the schema
ALTER SCHEMA hdb_catalog OWNER TO hasurauser; ALTER SCHEMA hdb_catalog OWNER TO hasurauser;
-- See section below on pgcrypto in PG search path
CREATE EXTENSION IF NOT EXISTS pgcrypto;
-- grant select permissions on information_schema and pg_catalog. This is -- grant select permissions on information_schema and pg_catalog. This is
-- required for hasura to query the list of available tables. -- required for hasura to query the list of available tables.
-- NOTE: these permissions are usually available by default to all users via PUBLIC grant -- NOTE: these permissions are usually available by default to all users via PUBLIC grant
GRANT SELECT ON ALL TABLES IN SCHEMA information_schema TO hasurauser; GRANT SELECT ON ALL TABLES IN SCHEMA information_schema TO hasurauser;
GRANT SELECT ON ALL TABLES IN SCHEMA pg_catalog TO hasurauser; GRANT SELECT ON ALL TABLES IN SCHEMA pg_catalog TO hasurauser;
-- create a separate user for to manage user database
CREATE USER hasurauser WITH PASSWORD 'hasurauser';
-- create pgcrypto extension, required for UUID
CREATE EXTENSION IF NOT EXISTS pgcrypto;
-- The below permissions are optional. This is dependent on what access to your -- The below permissions are optional. This is dependent on what access to your
-- tables/schemas you want give to hasura. If you want expose the public -- tables/schemas you want give to hasura. If you want expose the public
-- schema for GraphQL query then give permissions on public schema to the -- schema for GraphQL query then give permissions on public schema to the