--- title: Upgrading a PostgreSQL policy database description: To upgrade an existing PostgreSQL policy database, use the policy-db tool. component: pingauthorize version: 11.0 page_id: pingauthorize:upgrading_pingauthorize:paz_upgrade_postgresql_policy_db canonical_url: https://docs.pingidentity.com/pingauthorize/11.0/upgrading_pingauthorize/paz_upgrade_postgresql_policy_db.html revdate: May 23, 2024 section_ids: before-you-begin: Before you begin about-this-task: About this task steps: Steps result: Result next-steps: Next steps --- # Upgrading a PostgreSQL policy database To upgrade an existing PostgreSQL policy database, use the `policy-db` tool. ## Before you begin * The PostgreSQL instance must be reachable on the network from the Policy Editor host and listening for connections. * The Policy Editor uses both a PostgreSQL administration user and a server runtime user. Have a database administrator create both users before providing their credentials to the `policy-db` tool. The administration user must be able to create new databases. When new releases of the Policy Editor become available, continue using the same administration user to prevent database object ownership issues. Learn more about creating new database users and configuring PostgreSQL to listen for remote connections securely in the [PostgreSQL documentation](https://www.postgresql.org/docs/). * The Policy Editor uses Java Database Connectivity (JDBC) to connect to PostgreSQL. Be prepared to provide the JDBC connection string in the following format: `jdbc:postgresql://:/`. For example: `jdbc:postgresql://example.com:5432/pap_db` ## About this task When a newer version of the Policy Editor is released, it will fail to start when pointing to a PostgreSQL database with older database objects. Running `start-server` will print a message like the following to the console: ``` The policy database at 'jdbc:postgresql://example.com:5432/pap_db' is older than this version of PingAuthorize Policy Editor (9.2.0.0). Please use the policy-db tool to upgrade the database before running start-server again. ``` This message indicates that you must run the `policy-db` tool for this newer version of the Policy Editor to upgrade the database objects. Follow these instructions to upgrade a PostgreSQL database for a manual upgrade of the Policy Editor. Be prepared to provide the database administration credentials and server runtime credentials you used to create the PostgreSQL database. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | See [Deploying the Policy Editor using Docker](../installing_and_uninstalling_pingauthorize/paz_install_server_pe_docker.html#pe_install_docker) for containerized deployments. | ## Steps 1. Complete steps 1-3 of [Upgrading the PingAuthorize Policy Editor manually](paz_manual_upgrades.html#upgrade_pe_manually). 2. Run the following command: ```shell $ bin/policy-db \ --dbConnectionString "jdbc:postgresql://:/" \ --dbAppUsername \ --dbAppPassword ``` | | | | - | ------------------------------------------------------------------------------------------------------------------- | | | Alternatively, you can provide the server runtime password through the `PING_DB_APP_PASSWORD` environment variable. | 3. Provide the database administration credentials when prompted. ## Result The `policy-db` tool connects to PostgreSQL and applies the upgrades. ## Next steps Complete steps 5-7 of [Upgrading the PingAuthorize Policy Editor manually](paz_manual_upgrades.html#upgrade_pe_manually). | | | | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | | | Provide the Policy Editor with the same `--dbConnectionString`, `--dbAppUsername`, and server runtime password you used to create the PostgreSQL database. |