AI Accelerator Permissions Setup v1.3

Suggest edits

A new database role, aidb_users, is created as part of the AIDB extension installation. Membership to this role is required for access to most extension functions. This role will not be removed if the extension is deleted.

aidb_users is designed to simplify access management for AIDB features:

  • Purpose: Granting a user the aidb_users role provides access to all AIDB functions, allowing access to the extension's capabilities.
  • Security: The aidb_users role does not grant access to AIDB's internal tables, ensuring that only the extension's public API is exposed to users.
  • Background Workers: When background workers are used, they execute as the user who defined them, or as a role specified by the user—provided the user has access to that role.

To allow a user to use AIDB functions, simply grant them the aidb_users role:

GRANT aidb_users TO your_user;

Here is an example of creating a user named alice with no privileges or role membership to start with:

CREATE ROLE alice
  LOGIN
  PASSWORD 'change_me';   -- replace with a real password

Now add alice to the application group role aidb_users

GRANT aidb_users TO alice;

alice now inherits whatever global privileges aidb_users has (for example: EXECUTE on routines in aidb, USAGE on schemas, etc.)

Give alice (not aidb_users) full rights on selected tables in public schema This example shows three arbitrary tables. These would ordinarily be source tables used in the pipeline

GRANT SELECT, INSERT, UPDATE, DELETE
  ON public.documents,
     public.email_text,
     public.chats
  TO alice;

And in cases where you need alice to be able to create objects in public:

GRANT CREATE ON SCHEMA public TO alice;

Alice automatically owns whatever she creates, so she can ALTER or DROP her own objects. She cannot drop or alter other users’ objects in public.

Now you may Verify privileges

\z public.documents,
\z public.email_text,
\z public.chats


export const _frontmatter = {"title":"AI Accelerator Permissions Setup","navTitle":"Permissions Setup","description":"Permissions Setup in AIDB","prevNext":true}
← Prev

Upgrading AI Accelerator Pipelines

↑ Up

Installing AI Accelerator Pipelines