PostgreSQL objects hierarchy

Understanding the organization of PostgreSQL database logical objects helps in understanding object relations and interactions. PostgreSQL databases, roles, tablespaces, settings, and template languages have the same level of hierarchy, as shown in the following diagram:

PostgreSQL objects hierarchy

Top level component of the PostgreSQL server

Template databases

By default, when a database is created, it is cloned from a template database called template1. The template database contains a set of tables, views, and functions, which is used to model the relation between the user defined database objects. These tables, views, and functions are a part of the system catalog schema called pg_catalog.

Tip

The schema is very close to the namespace concept in object-oriented languages. It is often used to organize the database objects, functionality, security access, or to eliminate name collision.

The PostgreSQL server has two template databases:

  • template1: The default database to be cloned. It can be modified to allow global modification to all the newly created databases. For example, if someone intends to use a certain extension in all the databases, then they can install this extension in the template1 database. Certainly, installing an extension in template1 will not be cascaded to the already existing databases, but it will affect the databases that will be created after this installation.
  • template0: A safeguard or version database, it has several purposes as follows:
    • If template1 is corrupted by a user, then it can be used to fix template1.
    • It is handy, in restoring a database dump. When a developer dumps a database, all the extensions are also dumped. If the extension is already installed in template1, this will lead to a collision, because the newly created database already contains the extensions.
    • Unlike template1, template0 does not contain encoding-specific or locale-specific data.

Tip

One can create a database using a user database as a template. This is very handy for testing, database refactoring purposes, deployment plans, and so on.

User databases

One can have as many databases as one wants in a database cluster. A client connection to the PostgreSQL server can access only the data in a single database that is specified in the connection string. That means that data is not shared between the databases, unless the postgres foreign data wrapper or dblink extensions are used.

Every database in the database cluster has an owner and a set of associated permissions to control the actions allowed for a particular role. The privileges on PostgreSQL objects, which include databases, views, tables, and sequences, are represented in the psql client as follows:

<user>=<privileges>/granted by

If the user part of the privileges is not present, it means that the privileges are applied to the PostgreSQL special PUBLIC role.

The psql meta-command l is used to list all the databases in the database cluster with the associated attributes:

postgres=# x
Expanded display is on.
postgres=# l
List of databases
-[ RECORD 1 ]-----+----------------------------
Name              | postgres
Owner             | postgres
Encoding          | UTF8
Collate           | English_United Kingdom.1252
Ctype             | English_United Kingdom.1252
Access privileges |
-[ RECORD 2 ]-----+----------------------------
Name              | template0
Owner             | postgres
Encoding          | UTF8
Collate           | English_United Kingdom.1252
Ctype             | English_United Kingdom.1252
Access privileges | =c/postgres
                  | postgres=CTc/postgres
-[ RECORD 3 ]-----+----------------------------
Name              | template1
Owner             | postgres
Encoding          | UTF8
Collate           | English_United Kingdom.1252
Ctype             | English_United Kingdom.1252
Access privileges | =c/postgres
                  | postgres=CTc/postgres

The database access privileges are the following:

  • Create (-C): The create access privilege allows the specified role to create new schemas in the database.
  • Connect (-c): When a role tries to connect to a database, the connect permissions is checked.
  • Temporary (-T): The temporary access privilege allows the specified role to create temporary tables. Temporary tables are very similar to tables, but they are not persistent, and they are destroyed after the user session is terminated.

In the preceding example, the postgres database has no explicit privileges assigned. Also notice that, the PUBLIC role is allowed to connect to the template1 database by default.

Encoding allows you to store text in a variety of character sets, including one byte character sets such as SQL_ASCII or multiple byte character sets such as UTF-8. PostgreSQL supports a rich set of character encodings. For the full list of character encodings, please visit http://www.postgresql.org/docs/current/static/multibyte.html.

In addition to these attributes, PostgreSQL has several other attributes for various purposes, including the following:

  • Maintenance: The attribute datfrozenxid is used to determine if a database vacuum is required.
  • Storage management: The dattablespace attribute is used to determine the database tablespace.
  • Concurrency: The datconnlimit attribute is used to determine the number of allowed connections. -1 means no limits.
  • Protection: The datallowconn attribute disables the connection to a database. This is used mainly to protect template0 from being altered.

Tip

The psql c meta-command establishes a new connection to a database and closes the current one:

postgres=# c template0
FATAL: database "template0" is not currently accepting connections
Previous connection kept

pg_catalog tables are regular tables, thus one can use the SELECT , UPDATE, and DELETE operations to manipulate them. Doing so is not recommended, and needs the utmost attention.

The catalog tables are very useful for automating some tasks, such as checking for tables with the same name, duplicate indexes, missing constraints, and so on. One should not change the catalog manually except in rare cases; there are SQL commands to perform the same task. The following example shows how one can alter the connection limit database property by using the ALTER database command, or by using the UPDATE statement, which is not recommended. The following example changes the datconnlimit value from -1 to 1, and then reset the value to -1 again:

postgres=# SELECT datconnlimit FROM pg_database WHERE datname= 'postgres';
 datconnlimit
--------------
           -1
(1 row)

postgres=# ALTER DATABASE postgres CONNECTION LIMIT 1;
ALTER DATABASE
postgres=# SELECT datconnlimit FROM pg_database WHERE datname= 'postgres';
 datconnlimit
--------------
            1
(1 row)

postgres=# UPDATE pg_database SET datconnlimit=-1 WHERE datname='postgres';
UPDATE 1
postgres=# SELECT datconnlimit FROM pg_database WHERE datname= 'postgres';
 datconnlimit
--------------
           -1
(1 row)

Roles

Roles belong to the PostgreSQL server cluster and not to a certain database. A role can either be a database user or a database group. The role concept subsumes the concepts of users and groups in the old PostgreSQL versions. For compatibility reasons, with PostgreSQL version 8.1, the CREATE USER and CREATE GROUP SQL commands are still supported:

Roles

ER representation of role entity in PostgreSQL

The roles have several attributes, which are as follows:

  • Super user: A super user role can bypass all permission checks except the login attribute.
  • Login: A role with the login attribute can be used by a client to connect to a database.
  • Create database: A role with the create database attribute can create databases.
  • Initiating replication: A role with this attribute can be used for streaming replication.
  • Password: The role password can be used with the md5 authentication method. Also, it can be encrypted. The password expiration can be controlled by specifying the validity period. Note that this password differs from the OS password.
  • Connection limit: Connection limit specifies the number of concurrent connections that the user can initiate. Connection creation consumes hardware resources; thus, it is recommended to use connection pooling tools such as pgpool-II or pgbouncer, or some APIs such as apache DBCP or c3p0.
  • Inherit: If specified, the role will inherit the privileges assigned to the roles that it is a member of. If not specified, Inherit is the default.

When a database cluster is created, the postgres super user role is created by default.

Tip

CREATE USER is equivalent to CREATE ROLE with the LOGIN option, and CREATE GROUP is equivalent to CREATE ROLE with the NOLOGIN option.

A role can be a member of another role to simplify accessing and managing the database permissions; for example, one can create a role with no login, also known as group, and grant its permissions to access the database objects. If a new role needs to access the same database objects with the same permissions as the group, the new role could be assigned a membership to this group. This is achieved by the SQL commands GRANT and REVOKE, which are discussed in detail in Chapter 8, PostgreSQL Security.

Tip

The roles of a cluster do not necessarily have the privilege to access every database in the cluster.

Tablespace

Tablespace is a defined storage location for a database or database objects. Tablespaces are used by administrators to achieve the following:

  • Maintenance: If the hard disk partition runs out of space where the database cluster is created and cannot be extended, a tablespace on another partition can be created to solve this problem by moving the data to another location.
  • Optimization: Heavily accessed data could be stored in fast media such as a solid-state drive (SSD). At the same time, tables that are not performance critical could be stored on a slow disk.

The SQL statement to create tablespace is CREATE TABLESPACE.

Template procedural languages

Template procedural language is used to register a new language in a convenient way. There are two ways to create a programing language; the first way is by specifying only the name of the programing language. In this method, PostgreSQL consults the programing language template and determines the parameters. The second way is to specify the name as well as the parameters. The SQL command to create a language is CREATE LANGUAGE.

Tip

In PostgreSQL versions older than 9.1, create extension can be used to install a programming language. The template procedural languages are maintained in the table pg_pltemplate. This table might be decommissioned in favor of keeping the procedural language information in their installation scripts.

Settings

The PostgreSQL settings control different aspects of the PostgreSQL server, including replication, write-ahead logs, resource consumption, query planning, logging, authentication, statistic collection, garbage collection, client connections, lock management, error handling, and debug options.

The following SQL command shows the number of PostgreSQL settings. Note that this number might differ slightly between different installations as well as customized settings:

postgres=# SELECT count(*) FROM pg_settings;
 count
-------
   239
(1 row)

Setting parameters

The setting names are case-insensitive. The setting value types can be the following:

  • Boolean: 0, 1, true, false, on, off, or any case-insensitive form of the previous values. The ENABLE_SEQSCAN setting falls in this category.
  • Integer: An integer might specify a memory or time value; there is an implicit unit for each setting such as second or minute. In order to avoid confusion, PostgreSQL allows units to be specified. For example, one could specify 128 MB as a shared_buffers setting value.
  • Enum: These are predefined values such as ERROR and WARNING.
  • Floating point: cpu_operator_cost has a floating point domain. cpu_operator_cost is used to optimize the PostgreSQL execution plans.
  • String: A string might be used to specify the file location on a hard disk, such as the location of the authentication file.

Setting a context

The setting context determines how to change a setting value and when the change can take effect. The setting contexts are as follows:

  • Internal: The setting cannot be changed directly. One might need to recompile the server source code or initialize the database cluster to change this. For example, the length of PostgreSQL identifiers is 63 characters.
  • Postmaster: Changing a setting value requires restarting the server. Values for these settings are typically stored in the PostgreSQL postgresql.conf file.
  • Sighup: No server restart is required. The setting change can be made by amending the postgresql.conf file, followed by sending a SIGHUP signal to the postgres server process.
  • Backend: No server restart is required. They can also be set for a particular session.
  • Superuser: Only a super user can change this setting. This setting can be set in postgresql.conf or via the SET command.
  • User: This is similar to superuser, and is typically used to change the session-local values.

PostgreSQL provides the SET and SHOW commands to change and inspect the value of a setting parameter respectively. Those commands are used to change the setting parameters in the superuser and user context. Typically, changing the value of a setting parameter in the postgresql.conf file makes the effect global.

The settings can also have a local effect, and can be applied to different contexts such as session and table. For example, let us assume that you would like some clients to be able to perform the read-only operation; this is useful for configuring some tools such as Confluence (Atlassian). In this case, you can achieve that by setting the default_transaction_read_only parameter:

postgres=# SET default_transaction_read_only to on;
SET
postgres=# CREATE TABLE test_readonly AS SELECT 1;
ERROR:  cannot execute SELECT INTO in a read-only transaction

In the preceding example, the creation of a table has failed within the opened session; however, if one opens a new session and tries to execute the command CREATE TABLE, it will be executed successfully because the default value of the default_transaction_read_only setting is off. Setting the default_transaction_read_only parameter in the postgresql.conf file will have a global effect as mentioned earlier.

PostgreSQL also provides the pg_reload_conf() function, which is equivalent to sending the SIGHUP signal to the postgres process.

Tip

In general, it is preferable to use pg_reload_conf(), because it is safer than the SIGHUP kill signal due to human error.

In order to set the database in the read-only mode in a Debian Linux distribution, one can do the following:

  • Edit postgresql.conf and alter the value of default_transaction_read_only. This can be done in Ubuntu with the following commands:
    sudo su postgres
CONF=/etc/postgresql/9.4/main/postgresql.conf
sed -i "s/#default_transaction_read_only = off/default_transaction_read_only = on/" $CONF
  • Reload the configuration by executing the pg_reload_conf() function:
    psql -U postgres -c "SELECT pg_reload_conf()"
 pg_reload_conf
----------------
 t
(1 row)

One needs to plan carefully for changing the setting parameter values that require server down time. For noncritical changes, one can change the postgresql.conf file in order to make sure that the change will take effect when the server is restarted due to security updates. For urgent changes, one should follow certain processes, such as scheduling a down time and informing the user of this down time.

The developer, in general, is concerned with two settings categories, which are as follows:

  • Client connection defaults: These settings control the statement behaviors, locale, and formatting.
  • Query planning: These settings control the planner configuration, and give hints to the developer on how to rewrite SQL queries.
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset