Setting up a PostgreSQL database
To set up a PostgreSQL database for your attribute-based access control policies, create the policy database using the policy-db
tool.
Before you begin
-
The PostgreSQL instance must be reachable on the network from the Policy Editor host and listening for connections.
-
The Policy Editor uses both a PostgreSQL administration user and a server runtime user. Have a database administrator create both users before providing their credentials to the
policy-db
tool. The administration user must be able to create new databases. When new releases of the Policy Editor become available, continue using the same administration user to prevent database object ownership issues.Learn more about creating new database users and configuring PostgreSQL to listen for remote connections securely in the PostgreSQL documentation.
-
The Policy Editor uses Java Database Connectivity (JDBC) to connect to PostgreSQL. Be prepared to provide the JDBC connection string in the following format:
jdbc:postgresql://<host>:<port>/<name>
. For example:jdbc:postgresql://example.com:5432/pap_db
About this task
Follow these instructions to create a PostgreSQL database for a manual installation of the Policy Editor. See Deploying PingAuthorize Policy Editor using Docker for containerized deployments.
Steps
-
Run the following command:
$ bin/policy-db \ --dbConnectionString "jdbc:postgresql://<host>:<port>/<name>" \ --dbAppUsername <server-runtime-username> \ --dbAppPassword <server-runtime-password>
Alternatively, you can provide the server runtime password through the
PING_DB_APP_PASSWORD
environment variable. -
Provide the database administration credentials when prompted.
Result
The policy-db
tool connects to PostgreSQL, creates the database and its objects, and grants access to the server runtime username.
Next steps
Configure the Policy Editor to use the PostgreSQL database. See Installing the PingAuthorize Policy Editor noninteractively.
Provide the Policy Editor with the same |