# Quick Fix: Database Permissions

## Current Situation

✅ You can fetch credentials from AWS SSM:
- `read_only_user` - Read-only access
- `read_write_user` - Read-write access (but can't grant permissions to itself)

❌ You need **admin/master user** credentials to grant CREATE permission

## Solution: Get AWS RDS Master User Credentials

### Step 1: Find Master User in AWS RDS

1. Go to **AWS RDS Console**: https://console.aws.amazon.com/rds/
2. Click on your database instance (`db.livingai.app`)
3. Look for **"Master username"** in the instance details
   - Usually it's `postgres` or a custom name you set during creation

### Step 2: Get or Reset Master Password

**Option A: You know the password**
- Use it directly

**Option B: You forgot the password**
1. Select your RDS instance
2. Click **"Modify"**
3. Change the master password
4. Apply changes (may require a maintenance window)

### Step 3: Store Admin Credentials in AWS SSM

Run this command in your `farm-auth-service` directory:

```bash
npm run store-admin
```

When prompted, enter:
- **Username**: Your RDS master username (e.g., `postgres`)
- **Password**: Your RDS master password
- **Host**: `db.livingai.app` (default)
- **Port**: `5432` (default)
- **Database**: `livingai_test_db` (default)

This will store credentials at: `/test/livingai/db/admin`

### Step 4: Run Setup

```bash
npm run setup-db
```

The script will automatically:
1. Find admin credentials from SSM
2. Grant CREATE permission to `read_write_user`
3. Create the `uuid-ossp` extension
4. Verify permissions

### Step 5: Restart Application

```bash
npm start
```

## Alternative: Manual SQL

If you prefer to run SQL directly:

1. Connect to your database using any PostgreSQL client with master credentials
2. Run:
   ```sql
   GRANT USAGE ON SCHEMA public TO read_write_user;
   GRANT CREATE ON SCHEMA public TO read_write_user;
   CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
   ```

## Why This Is Needed

PostgreSQL security model:
- Users cannot grant permissions to themselves
- Only superusers or schema owners can grant CREATE permission
- The `read_write_user` needs CREATE permission to create tables like `otp_codes`

## Verification

After setup, verify permissions:

```sql
SELECT
  has_schema_privilege('read_write_user', 'public', 'USAGE') as has_usage,
  has_schema_privilege('read_write_user', 'public', 'CREATE') as has_create;
```

Both should return `true`.
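
The check above covers only `read_write_user`. The following queries are an added example, not part of the original page or the project's setup script. Run as the master user, they audit who holds privileges on schema `public` after the grant, compare both SSM-backed roles, and confirm the extension exists. The rule that only the schema owner and `read_write_user` should hold CREATE is an assumption about the intended setup.

```sql
-- Added example: audit of the grants applied on this page.
-- Role, schema and extension names come from the page; the
-- "unexpected CREATE" rule is an assumption about the intended setup.

-- 1. Every grantee on schema public, including PUBLIC (grantee oid 0).
--    acldefault() supplies the built-in ACL when nspacl is NULL.
SELECT COALESCE(r.rolname, 'PUBLIC') AS grantee,
       a.privilege_type,
       a.is_grantable,
       CASE
         WHEN a.privilege_type = 'CREATE'
              AND a.grantee <> n.nspowner
              AND COALESCE(r.rolname, 'PUBLIC') <> 'read_write_user'
         THEN 'unexpected CREATE'
         ELSE 'ok'
       END AS finding
FROM pg_namespace AS n
CROSS JOIN LATERAL
     aclexplode(COALESCE(n.nspacl, acldefault('n', n.nspowner))) AS a
LEFT JOIN pg_roles AS r ON r.oid = a.grantee
WHERE n.nspname = 'public'
ORDER BY 1, 2;

-- 2. Effective privileges of both roles. has_schema_privilege() includes
--    anything inherited through PUBLIC or role membership, so on
--    PostgreSQL 14 and earlier read_only_user can show has_create = true
--    because PUBLIC holds CREATE on schema public by default.
SELECT r.rolname,
       r.rolsuper,
       has_schema_privilege(r.rolname, 'public', 'USAGE')  AS has_usage,
       has_schema_privilege(r.rolname, 'public', 'CREATE') AS has_create
FROM pg_roles AS r
WHERE r.rolname IN ('read_only_user', 'read_write_user')
ORDER BY r.rolname;

-- 3. Confirm the extension from the setup step is installed.
SELECT extname, extversion
FROM pg_extension
WHERE extname = 'uuid-ossp';
```

Any row marked `unexpected CREATE` in the first result, or `has_create = true` for `read_only_user` in the second, means a role other than `read_write_user` can also create objects in `public`.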