PingAuthorize

Setting up a PostgreSQL database

To set up a PostgreSQL database for your attribute-based access control policies, create the policy database using the policy-db tool.

Before you begin

  • The PostgreSQL instance must be reachable on the network from the Policy Editor host and listening for connections.

  • The Policy Editor uses both a PostgreSQL administration user and a server runtime user. Have a database administrator create both users before providing their credentials to the policy-db tool. The administration user must be able to create new databases. When new releases of the Policy Editor become available, continue using the same administration user to prevent database object ownership issues.

    Learn more about creating new database users and configuring PostgreSQL to listen for remote connections securely in the PostgreSQL documentation.

  • The Policy Editor uses Java Database Connectivity (JDBC) to connect to PostgreSQL. Be prepared to provide the JDBC connection string in the following format: jdbc:postgresql://<host>:<port>/<name>. For example: jdbc:postgresql://example.com:5432/pap_db

About this task

Follow these instructions to create a PostgreSQL database for a manual installation of the Policy Editor. See Deploying PingAuthorize Policy Editor using Docker for containerized deployments.

Steps

  1. Run the following command:

    $ bin/policy-db \
      --dbConnectionString "jdbc:postgresql://<host>:<port>/<name>" \
      --dbAppUsername  <server-runtime-username>  \
      --dbAppPassword  <server-runtime-password>

    Alternatively, you can provide the server runtime password through the PING_DB_APP_PASSWORD environment variable.

  2. Provide the database administration credentials when prompted.

Result

The policy-db tool connects to PostgreSQL, creates the database and its objects, and grants access to the server runtime username.

Next steps

Configure the Policy Editor to use the PostgreSQL database. See Installing the PingAuthorize Policy Editor noninteractively.

Provide the Policy Editor with the same --dbConnectionString, --dbAppUsername, and server runtime password you used to create the PostgreSQL database.