To set up a PostgreSQL database for your attribute-based access control policies, create the policy database using the policy-db tool.
- The PostgreSQL instance must be reachable on the network from the Policy Editor host and listening for connections.
- The Policy Editor uses both a PostgreSQL administration user and a server runtime user. The administration user must be able to create new databases. Continue to use the same administration user when new releases of the Policy Editor become available to prevent database object ownership issues. Consult the official PostgreSQL documentation for help with creating new database users and for configuring PostgreSQL to listen for remote connections securely.
- The Policy Editor uses Java Database Connectivity (JDBC)
to connect to PostgreSQL. Be prepared to provide the JDBC connection string in the following
format:
jdbc:postgresql://<host>:<port>/<name>
. For example:jdbc:postgresql://example.com:5432/pap_db
.
Follow these instructions to create a PostgreSQL database for a manual installation of the Policy Editor. See Deploying PingAuthorize Policy Editor using Docker for containerized deployments.
Configure the Policy Editor to use the PostgreSQL database. See Installing the PingAuthorize Policy Editor non-interactively.
Important:
Provide the Policy Editor with the same --dbConnectionString, --dbAppUsername, and server runtime password you used to create the PostgreSQL database.