I need to share my database from PostgreSQL in my PC with my colleagues in the same office (in the same network). I did some research but I still have some questions regarding it.
A bit background for myself: I have been using PostgreSQL independently for a while and have created a bunch of useful DBs, and now need to share it with others. So I am familiar with PostgreSQL's usage and its syntax, but for its database management, I am still fairly new... My PostgreSQL version is 10.6 and I'm working on Windows.
During my initial research, I found that this post is helpful to my question, but I need more clarification on it. The answer to the above post mentioned:
The user needs access to the database, obviously:
GRANT CONNECT ON DATABASE my_db TO my_user;And (at least) the USAGE privilege on the schema:
GRANT USAGE ON SCHEMA public TO my_user;
So here goes the 1st question: where should I run these code? Suppose I am on pgAdmin and in the database I would like to share, should I just open a Query Tool and run the syntax there?
Secondly, is the user name (such as my_user used in above code) the same one as we used for our own superuser name? i.e. If my superuser name is just postgres (I believe it is the default during installation), if there's someone wants to grant me access to his DB, he just use postgres for my_user?
Lastly, if there's an user outside of my office, how to grant remote access then?
Additionally, I've added my pg_hba_conf here:
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
Unless you changed the default permissions, both of the GRANT statements you quote are unnecessary:
By default PUBLIC (i.e. everybody) has the CONNECT privilege on all databases and the USAGE privilege on schema public.
You might want to REVOKE the CREATE privilege on schema public from PUBLIC if you intend to give others access.
I'd recommend that you don't hand out the credentials to your postgres superuser to your co-workers unless they need to administrate the database and they know enough about PostgreSQL to be trusted not to accidentally break the database.
So I would create a new login role and grant it all necessary privileges on the tables, views and sequences in your database.
There are two more things you might to have to do to make it work:
Set listen_addresses = '*' in postgresql.conf and restart the database.
Add entries in pg_hba.conf that allow the users in and reload the database.
An entry that allows user myuser to connect to database mydbname from any computer would be:
host mydbname myuser 0.0.0.0/0 md5
You can use a more restrictive netmask of course.
To give specific answers to your questions:
You can run these statements in the Query Tool in pgAdmin. That works as well as any other client.
You wouldn't need to grant postgres any privileges, because a superuser like postgres is exempt from permission checks. You'd only have to tell your co-workers the password (and configure PostgreSQL to accept remote connections). But as I wrote above, I recommend that you create a new user specifically for that purpose.
Granting access to people outside your office is no different (PostgreSQL has no idea where your office ends). All you need is for these outside people to have network access to the database machine (and an appropriate pg_hba.conf entry).