--Script to generate statements to re-create users in redshift select 'create user '+ usename +' password ''Hidden1!'' ;' from pg_user order by usename asc; --Script to generate statements to re-create groups select 'create group '+ groname +';' from pg_group order by groname asc; --Script to generate statements to add users to various groups SELECT 'alter group '+ groname + ' add user ' + usename + ';' FROM "admin".v_get_users_in_group order by groname , usename;
pg_dump -h redshift.url.com -p 5439 -d mydb -U dba -f prod_rs_ddl.sql
We’ll start here, because Postgres generally sets the standard for relational databases.
In Postgres 9, users and groups were replaced with roles (Postgres have been very kind, and have maintained
group as aliases for
role for backwards compatibility). The difference between users and roles? Simply put, users can now be considered as roles with the ability to login.
- Membership: Any role can be a member of another role, so you can create a hierarchical structure with as many tiers as you’d like.
- Ownership: Any role can own relations.
- Privileges: Any role can have privileges granted to it.
- Inheritance: Up to you! Roles can be configured such that any members automatically inherit the privileges of the role, or can be configured to force a member to explicitly change their role in order to use those privileges.
Redshift forked from Postgres somewhere around version 8. As such, roles look more like an old-school Postgres database rather than the role-based world of Postgres 9 – on Redshift, users and groups are separate entities.
- Membership: Only a user can be a member of groups, i.e. a group cannot be a member of other groups, so you can only have a two-tiered structure.
- Ownership: Users, rather than groups, own relations.
- Privileges: Both users and groups can have privileges granted to them.
- Inheritance: Users automatically inherit all privileges of any groups they are a member of.