--Script to generate statements to re-create users in redshift
select 'create user '+ usename +' password ''Hidden1!'' ;' from pg_user
order by usename asc;
--Script to generate statements to re-create groups
select 'create group '+ groname +';' from pg_group
order by groname asc;
--Script to generate statements to add users to various groups
SELECT 'alter group '+ groname + ' add user ' + usename + ';'
FROM "admin".v_get_users_in_group
order by groname , usename;
Month: September 2022
Export redshift schema using psql
pg_dump -h redshift.url.com -p 5439 -d mydb -U dba -f prod_rs_ddl.sql
Difference between users, groups, and roles on Postgres and Redshift
Postgres
We’ll start here, because Postgres generally sets the standard for relational databases.
In Postgres 9, users and groups were replaced with roles (Postgres have been very kind, and have maintained user and group as aliases for role for backwards compatibility). The difference between users and roles? Simply put, users can now be considered as roles with the ability to login.
- Membership: Any role can be a member of another role, so you can create a hierarchical structure with as many tiers as you’d like.
- Ownership: Any role can own relations.
- Privileges: Any role can have privileges granted to it.
- Inheritance: Up to you! Roles can be configured such that any members automatically inherit the privileges of the role, or can be configured to force a member to explicitly change their role in order to use those privileges.
Redshift
Redshift forked from Postgres somewhere around version 8. As such, roles look more like an old-school Postgres database rather than the role-based world of Postgres 9 – on Redshift, users and groups are separate entities.
- Membership: Only a user can be a member of groups, i.e. a group cannot be a member of other groups, so you can only have a two-tiered structure.
- Ownership: Users, rather than groups, own relations.
- Privileges: Both users and groups can have privileges granted to them.
- Inheritance: Users automatically inherit all privileges of any groups they are a member of.
Database Blog 