Registry database users and privileges

🌐 This document is available in both English and Ukrainian. Use the language toggle in the top right corner to switch between versions.

This document contains a list of database users grouped by the subsystems that use them to access the registry databases.

For each user, the following information is provided:

A list of system privileges if they exist.
A list of databases with privileges for each database if they exist.
A list of database objects to which they have access and the actions they can perform on these objects.

1. Registry analytical reporting subsystem

1.1. analytics_admin

Database	Objects privileges
audit
analytical.registry	select on all analytical views

Database

Objects privileges

audit

analytical.registry

select on all analytical views

1.2. analytics_auditor

Database	Objects privileges
audit	select on audit_event_security_event_v
select on audit_event_system_event_v
select on audit_event_user_action_v

Database

Objects privileges

audit

select on audit_event_security_event_v

select on audit_event_system_event_v

select on audit_event_user_action_v

1.3. historical_data_role

Database	Objects privileges
analytical.registry	select on ddm_source_application
select on ddm_source_business_process
select on ddm_source_system
select on all *_hst tables (all historical tables)

Database

Objects privileges

analytical.registry

select on ddm_source_application

select on ddm_source_business_process

select on ddm_source_system

select on all *_hst tables
(all historical tables)

2. Registry audit events logging subsystem

2.1. audit_service_user

Database	Objects privileges
audit	insert on audit_event

Database

Objects privileges

audit

insert on audit_event

3. User settings management subsystem

3.1. settings_role

Database	Objects privileges
settings (owner)	table settings owner
table notification_channel owner

Database

Objects privileges

settings (owner)

table settings owner

table notification_channel owner

4. Registry excerpts generation subsystem

4.1. excerpt_exporter

Database	Objects privileges
excerpt	select, insert, update, delete on excerpt_template

Database

Objects privileges

excerpt

select, insert, update, delete on excerpt_template

4.2. excerpt_service_user

Database	Objects privileges
excerpt	select on excerpt_template
select, insert on excerpt_record

Database

Objects privileges

excerpt

select on excerpt_template

select, insert on excerpt_record

4.3. excerpt_worker_user

Database	Objects privileges
excerpt	select on excerpt_template
select, update on excerpt_record

Database

Objects privileges

excerpt

select on excerpt_template

select, update on excerpt_record

5. User notification subsystem

5.1. notification_template_publisher_user

No privileges

5.2. notification_service_user

Database	Objects privileges
excerpt	select,insert, update, delete on notification_template
select, insert, update, delete on notification_template_attr
select, insert, update, delete on inbox_notification

Database

Objects privileges

excerpt

select,insert, update, delete on notification_template

select, insert, update, delete on notification_template_attr

select, insert, update, delete on inbox_notification

6. Registry regulations deployment subsystem

6.1. registry_owner_role

Database	Objects privileges
operational.registry (owner) analytical.registry (owner)	all privileges on all tables in schema public
all privileges on all routines in schema public
owner of all objects in schema registry

Database

Objects privileges

operational.registry (owner)
analytical.registry (owner)

all privileges on all tables in schema public

all privileges on all routines in schema public

owner of all objects in schema registry

6.2. postgres

System privileges: SUPERUSER

7. Registry data management subsystem

7.1. application_role

Database	Objects privileges
operational.registry	execute on all routines in schema public
select on all tables and views in schema registry
analytical.registry

Database

Objects privileges

operational.registry

execute on all routines in schema public

select on all tables and views in schema registry

analytical.registry

8. Business process management subsystem

8.1. process_history_role

Database	Objects privileges
process_history	select, insert, update on bpm_history_process
select, insert, update on bpm_history_task

Database

Objects privileges

process_history

select, insert, update on bpm_history_process

select, insert, update on bpm_history_task

8.2. postgres

System privileges: SUPERUSER

9. Geodata management subsystem

9.1. geoserver_role

Database	Objects privileges
operational.registry	execute on all routines in schema public
select on all tables and views in schema registry
select on geography_columns
select on geometry_columns
select on spatial_ref_sys

Database

Objects privileges

operational.registry

execute on all routines in schema public

select on all tables and views in schema registry

select on geography_columns

select on geometry_columns

select on spatial_ref_sys

10. Registry regulations modeling subsystem

10.1. registry_regulation_management_role

Database	Objects privileges
operational.registry	select on all tables and views
registry_dev_* (all databases created by the subsystem)	select on all tables and views

Database

Objects privileges

operational.registry

select on all tables and views

registry_dev_*
(all databases created by the subsystem)

select on all tables and views

10.2. registry_template_owner_role

System privileges: CREATEDB

Database	Objects privileges
operational.registry (owner)	all privileges on all tables in schema public
all privileges on all routines in schema public
owner of all objects in schema registry
registry_template (owner)
registry_dev_* (owner) (all databases created by the subsystem)	owner of all objects in schema registry

Database

Objects privileges

operational.registry (owner)

all privileges on all tables in schema public

all privileges on all routines in schema public

owner of all objects in schema registry

registry_template (owner)

registry_dev_* (owner)
(all databases created by the subsystem)

owner of all objects in schema registry