Contents
- Getting Started
- Deployment
- Login Page
- Enabling two-factor authentication (2FA)
- User Management Dialog
- Change Ownership Dialog
- Change User Password Dialog
- Lock/Restore Account
- Enabling LDAP Authentication
- Enabling Kerberos Authentication
- Enabling OAUTH2 Authentication
- Enabling Webserver Authentication
- User Interface
- Menu Bar
- Toolbar
- Tabbed Browser
- Tree Control
- Preferences Dialog
- Keyboard Shortcuts:
- Search objects
- External database for pgAdmin user settings
- Connecting To A Server
- Managing Cluster Objects
- Managing Database Objects
- Creating or Modifying a Table
- Management Basics
- Backup and Restore
- Developer Tools
- Processes
- pgAgent
- pgAdmin Project Contributions
- Release Notes
- Licence
User Management Dialog¶
When invoking pgAdmin in desktop mode, a password is randomly generated, and then ignored. If you install pgAdmin in server mode, you will be prompted for an administrator email and password for the pgAdmin client.
When you authenticate with pgAdmin, the server definitions associated with that login role are made available in the tree control. An administrative user can use the User Management dialog to:
add or delete pgAdmin roles
assign privileges
manage the password associated with a role
Use the Search field to specify a criteria and review a list of users that matches with the specified criteria. You can enter a value that matches the following criteria types: Authentication source, Username, or Email. For example, you can enter ldap in the search box and only the records having ldap as authentication source will be displayed in the User Management table.
To add a user, click the Add (+) button at the top right corner.
Provide information about the new pgAdmin role in the row:
Use the drop-down list box next to Authentication source field to select the type of authentication that should be used for the user. If authentication source is only ‘internal’ then Authentication source field is disabled. Supported Authentication source are internal, ldap, kerberos, oauth2 and webserver.
Click in the Username field, and provide a username for the user. This field is enabled only when you select authentication source except internal. If you select internal as authentication source, your email address is displayed in the username field.
Click in the Email field, and provide an email address for the user.
Use the drop-down list box next to Role to select whether a user is an Administrator or a User.
Select Administrator if the user will have administrative privileges within the pgAdmin client.
Select User to create a non-administrative user account.
Move the Active switch to the No position if the account is not currently active; the default is Yes. Use this switch to disable account activity without deleting an account.
Use the New password field to provide the password associated with the user specified in the Email field. This field is disabled if you select any authentication source except internal.
Re-enter the password in the Confirm password field. This field is disabled if you select ldap as authentication source.
Locked switch is disabled by default when set to False. It is only enabled when the user is locked by trying unsuccessful login attempts. Move the switch to the False position if you want to unlock the account.
To discard a user, and revoke access to pgAdmin, click the trash icon to the left of the row and confirm deletion in the Delete user? dialog. If the user has created some shared servers, then the Change Ownership dialog will appear to change the ownership of a shared server.
Users with the Administrator role are able to add, edit and remove pgAdmin users, but otherwise have the same capabilities as those with the User role.
Click the Help button (?) to access online help.
Click the Close button to save work. You will be prompted to return to the dialog if your selections cannot be saved.
Using ‘setup.py’ command line script¶
Note
To manage users using setup.py
script, you must use
the Python interpreter that is normally used to run pgAdmin to ensure
that the required Python packages are available. In most packages, this
can be found in the Python Virtual Environment that can be found in the
installation directory. When using platform-native packages, the system
installation of Python may be the one used by pgAdmin.
When using PIP wheel package to install pgadmin, all the commands can be used without Python interpreter.
Some of the examples: pgadmin4-cli add-user user1@gmail.com password –role 1 pgadmin4-cli get-prefs
Manage Users¶
Add User¶
To add user, invoke setup.py
with add-user
command line option, followed by
email and password. role and active will be optional fields.
/path/to/python /path/to/setup.py add-user user1@gmail.com password
# to specify a role, admin and non-admin users:
/path/to/python /path/to/setup.py add-user user1@gmail.com password --admin
/path/to/python /path/to/setup.py add-user user1@gmail.com password --nonadmin
# to specify user's status
/path/to/python /path/to/setup.py add-user user1@gmail.com password --active
/path/to/python /path/to/setup.py add-user user1@gmail.com password --inactive
Add External User¶
To add external authentication user, invoke setup.py
with add-external-user
command line option,
followed by email, password and authentication source. email, role and status will be optional fields.
/path/to/python /path/to/setup.py add-external-user user1@gmail.com ldap
# to specify an email:
/path/to/python /path/to/setup.py add-external-user ldapuser ldap --email user1@gmail.com
# to specify a role, admin and non-admin user:
/path/to/python /path/to/setup.py add-external-user ldapuser ldap --admin
/path/to/python /path/to/setup.py add-external-user ldapuser ldap --nonadmin
# to specify user's status
/path/to/python /path/to/setup.py add-external-user user1@gmail.com ldap --active
/path/to/python /path/to/setup.py add-external-user user1@gmail.com ldap --inactive
Update User¶
To update user, invoke setup.py
with update-user
command line option, followed by
email address. password, role and active are updatable fields.
/path/to/python /path/to/setup.py update-user user1@gmail.com --password new-password
# to specify a role, admin and non-admin user:
/path/to/python /path/to/setup.py update-user user1@gmail.com password --role --admin
/path/to/python /path/to/setup.py update-user user1@gmail.com password --role --nonadmin
# to specify user's status
/path/to/python /path/to/setup.py update-user user1@gmail.com password --active
/path/to/python /path/to/setup.py update-user user1@gmail.com password --inactive
Update External User¶
To update the external user, invoke setup.py
with update-external-user
command line option,
followed by username and auth source. email, password, role and active are updatable fields.
# to change email address:
/path/to/python /path/to/setup.py update-external-user ldap ldapuser --email newemail@gmail.com
# to specify a role, admin and non-admin user:
/path/to/python /path/to/setup.py update-user user1@gmail.com password --role --admin
/path/to/python /path/to/setup.py update-user user1@gmail.com password --role --nonadmin
# to change user's status
/path/to/python /path/to/setup.py update-user ldap ldapuser --active
/path/to/python /path/to/setup.py update-user ldap ldapuser --inactive
Delete User¶
To delete the user, invoke setup.py
with delete-user
command line option, followed by
username and auth_source. For Internal users, email adress will be used instead of username. the option --yes
is available to skip the confirmation prompt before deleting the user.
/path/to/python /path/to/setup.py delete-user user1@gmail.com --auth-source internal
/path/to/python /path/to/setup.py delete-user user2@gmail.com --auth-source internal --yes
/path/to/python /path/to/setup.py delete-user ldapuser --auth-source ldap
Get User¶
To get the user details, invoke setup.py
with get-users
command line option, followed by
username/email address.
# to list all the users:
/path/to/python /path/to/setup.py get-users
# to get the user's details:
/path/to/python /path/to/setup.py get-users --username user1@gmail.com
Output¶
Each command output can be seen in the json format too by adding –json command line option.