Granting Administrative Rights for the Database Engine
This section begins by outlining those PSQL v12 tasks that require administrative-level access at the operating system level and those that do not. The section then walks you through the steps to grant a user administrative-level access for each of the supported operating systems.
*Note: This information applies only to the Server engine unless otherwise noted.
Tasks Requiring Administrative Rights
Administrative-level rights are required to perform the following tasks:
Create and configure named databases and tables
View or modify a table design with Table Editor
Set engine configuration options
View and set engine monitoring values
View certain engine configuration settings
Restart the engine when running as a service
How Administrative Rights are Granted
To have administrator-level access you must either:
Possess full administrator-level rights on the machine on which the database engine is running (a domain administrator, for example, may lack full permissions on certain local machines)
or
Be a member of the operating system group Pervasive_Admin.
To modify a table design with Table Editor, you must have full administrator rights on the machine on which the database engine is running even if you are a member of the Pervasive_Admin group.
*Note: For Linux and OS X servers, administrator-level rights can be granted only by using the btadmin utility to add users and passwords to the btpasswd file.
The Pervasive_Admin option is offered so that you can grant users administrative rights to the database engine without granting them administrative rights to the operating system where the database engine resides.
Rights Within an Active Directory Environment
You may use one or more Pervasive_Admin groups within an Active Directory environment. See Active Directory Service in Getting Started with PSQL.
Rights Provided to non-Administrative Users
Runtime-only access enables a user without administrator-level rights to perform the following tasks:
Extract a list of DSNs
Extract a count of DSNs
Extract information on a DSN
Extract information on the location of the DBnames configuration file (dbnames.cfg)
Connect to databases
Retrieve, update, insert, and delete data (as permitted by database security)
Tasks for Granting Administrative Rights
To grant a user administrative rights, follow the instructions for your platform:
Granting Administrative Rights on a Windows Server
Granting Administrator Rights on Linux and OS X
Logging in as Administrator on Any Platform
Granting Administrative Rights on a Windows Server
Users who are members of Pervasive_Admin or of Administrators are permitted to perform administrative tasks on the database engine.
To grant a user database administrator rights on a Windows 32-bit Server Platform
*Note: You must be logged onto the Windows server as a user with full administrator-level rights on the server or be a member of the Pervasive_Admin group defined on the server.
1
In the Windows Control Panel, double-click Users and Passwords.
2
Click the Advanced tab. In the Advanced User Management area, click Advanced.
3
Click the Groups folder. From the menu, click Action > New Group.
4
Type in Pervasive_Admin as the group name.
(To add users to this group, click Add, select user name, click Add then OK.)
5
Click Create to create the group.
6
Click Close.
*Note: If the Log on as setting for the PSQL services is not System Account, see Services Settings and Log In Authority.
Services Settings and Log In Authority
Certain operating system settings for the PSQL services must be in effect for you to log in to the machine running the database engine. These settings apply whether or not you use a Pervasive_Admin user group.
The settings apply to the PSQL Server Engine and to the Workgroup Engine if you are running the Workgroup Engine as a service. If you are running Workgroup Engine as an application and want to change it to run as a service, see Running the Workgroup Engine as a Service in Getting Started with PSQL.
Default Setting
By default installation, both the Transactional and Relational services set Log on to Local System Account.
Logging On as “This Account”
If you change the Log on as setting to This account, you must change the user rights policy Act as part of the operating system for the account. Otherwise, remote login fails.
For example, the Monitoring utility requires that you log in to the operating system on the machine where the database engine is running. You will receive a message that login failed if the account specified for This account cannot act as part of the operating system.
Note that even the Administrator account requires that you set the user rights policy for Act as part of the operating system.
You specify This account on the services property sheet.
User Rights Policy Tasks
The following tasks explain how to change the user rights policy.
To Set User Rights Policy on Windows 32-bit Platforms
1
Access the operating system Control Panel.
2
Double-click Administrative Tools.
3
Right-click Local Security Policy, then click Open.
 
4
Expand the tree for Local Policies, and click User Rights Assignment.
5
In the policy pane, right-click Act as part of the operating system, then click Security.
6
Click Add.
7
In the Name pane, click the user or group for whose account you want to grant the user policy. (For example, you could grant the policy to the Pervasive_Admin group.)
8
Click Add.
The user name is added to the bottom pane. For example, the following image shows that the Administrator has been added.
9
Click OK.
The user name is added to the settings for local security policy.
10
Click OK.
11
Exit the window for Local Security Settings, then exit Administrative Tools.
Granting Administrator Rights on Linux and OS X
To grant a user administrator rights
A user cannot remotely administer a server engine unless that user has first been set up as a database user with administrative rights. You can perform this task by using the btadmin utility at the server command line.
See also PSQL Account Management on Linux and OS X in Getting Started with PSQL for a complete discussion of configuring the environment for administrative rights.
1
Log in to the server as psql or as root if the variables for PATH and LD_LIBRARY_PATH, or DYLD_LIBRARY_PATH on OS X, have been set and exported. No other user is permitted to run btadmin.
2
Create a new user with administrative rights by running btadmin:
btadmin -p passwd a+ user_name
For example, if you wanted to create an administrative user tim with password tim56, you would enter the following command:
btadmin -p tim56 a+ tim
*Note: Users created with btadmin are not related to Linux or OS X system users. These users are known only to the database engine.
Logging in as Administrator on Any Platform
To connect to a remote PSQL v12 server
1
Use the Monitor utility to connect to a remote server. Refer to the Advanced Operations Guide for a discussion of this utility.
2
Enter your operating system user name and password, and click OK.
Figure 3 Connect to Remote Server Dialog Box
The password is encrypted before being sent over the network using a unique and predefined encryption key. The PSQL v12 engine unpacks and decrypts the user name and password, and verifies access. It then returns a status code to the client indicating the success or failure of the verification.