View on GitHub

ClassDB

An open-source system to let students experiment with relational data

ClassDB Home | Table of Contents

ClassDB Roles

Author: Andrew Figueroa

ClassDB creates and uses the following database roles in the PostgreSQL (Postgres) instance where it is installed:

For ease of reading, the first three roles will be referred to without the “classDB_” prefix in ClassDB’s documentation. dbmanager will also be referred to as DB manager.

Each user created by ClassDB is assigned their own schema where they can perform Create, Read, Update, and Delete (CRUD) operations on objects within that schema. This schema will usually be referred to as their “assigned” schema.

A user may be a member of more than one of the roles created by ClassDB, in which case they will have the privileges and restrictions of both roles. In conflicts between the two, privileges supersede restrictions, as the more permissive role will be used in such a situation.

ClassDB

classdb is a role that is used solely for internal operations. In an unmodified instance of ClassDB, this role cannot login or connect to a ClassDB database. However, it is not necessary to do so for any of ClassDB’s facilities. Another thing of note is that the classdb role is granted to the user who runs the setup for an instance of ClassDB.

After running all of the “Core” ClassDB scripts, the classdb role becomes the owner of all ClassDB related functions, tables, and views, except for the following four functions: listUserConnections(), enableDDLActivityLogging(), disableDDLActivityLogging(), and importConnectionLog(). These functions remain owned by the user who ran the script due to requiring superuser privileges. In addition to being owned by classdb, most functions will also run under the security context of the classdb role.

Instructor

As the name implies, users who have the instructor role will typically be instructors in a class that uses an instance of ClassDB. Users with the instructor role are allowed to read from the schema assigned to each student. In addition to this, they are able to view all activity that has been logged (if the logging facilities are enabled), along with having the ability to add or remove DB managers, students, and other instructors.

ClassDB Capabilities

Privileges

DB Manager

A DB manager is a type of user who performs administrative tasks for an instance of ClassDB, but is not considered an instructor in a class that uses ClassDB. It is not necessary to have a DB manager within an instance of ClassDB. A DB manager has all of the same capabilities and privileges of an instructor, but does not have read access on the assigned schema of student roles and cannot Create on the public schema.

ClassDB Capabilities

Privileges

Student

Students will typically be students in a class that uses an instance of ClassDB. Students have the fewest privileges of all roles. In a well organized setup, the instance of ClassDB should be completely invisible to students. Instead, from their perspective, they will simply be using a database to experiment with queries or complete assignments. Unlike other roles, students may be limited in the number of connections they can have open, and by the amount of time that a query they execute can run. These two limits exist to reduce the impact that any one student has on a server running an instance of ClassDB.

ClassDB Capabilities

Privileges

Additional Restrictions