Create Users & Databases
Platform admin guide — provision access for new applications.
These commands run on the DB server only. App developers should request access, not run these in production code.
Onboarding Checklist
- Receive access request (app name, DBs, API server IP)
- Create app database / user / ACL / collections
- Whitelist API server IP on firewall (if new)
- Send connection pack to developer
- Verify developer connects from API server
Access Request Template
App name: my-saas-app
API server IP: 72.60.223.44
Databases: [ ] PostgreSQL [ ] MongoDB [ ] Redis [ ] Qdrant [ ] Neo4j
Postgres: DB myapp_db, read/write
MongoDB: DB myapp_db, read/write
Redis: prefix myapp:
Qdrant: collections myapp_documents
Neo4j: labels MyApp_, read/write
PostgreSQL
docker exec -it bizfy-postgres psql -U postgres -d bizfy
CREATE DATABASE myapp_db;
CREATE USER myapp_user WITH PASSWORD 'strong-random-password';
GRANT CONNECT ON DATABASE myapp_db TO myapp_user;
\c myapp_db
GRANT USAGE ON SCHEMA public TO myapp_user;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO myapp_user;
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO myapp_user;
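-- Default privileges only cover objects created later by the role that runs these statements (here, postgres).
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO myapp_user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT ON SEQUENCES TO myapp_user;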
MongoDB
docker exec -it bizfy-mongodb mongosh -u admin -p --authenticationDatabase admin
use myapp_db
db.createUser({
user: "myapp_user",
pwd: "strong-random-password",
roles: [{ role: "readWrite", db: "myapp_db" }]
})
Redis
docker exec -it bizfy-redis redis-cli -a "$REDIS_PASSWORD"
ACL SETUSER myapp_user on >strong-random-password ~myapp:* +@all -@dangerous
ACL GETUSER myapp_user
Qdrant
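Qdrant uses one API key shared by all apps, stored in /srv/databases/.env. Apps are separated only by collection name prefix, which is a naming convention: anyone holding the key can reach every collection.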
# Developer creates collections via SDK: myapp_documents, myapp_products
# Admin can list/delete:
curl -s -H "api-key: $KEY" http://db.bizfylabs.com:6333/collections
curl -X DELETE -H "api-key: $KEY" http://db.bizfylabs.com:6333/collections/myapp_documents
Neo4j
docker exec -it bizfy-neo4j cypher-shell -u neo4j   # prompts for the password
CREATE USER myapp_user SET PASSWORD 'strong-random-password' CHANGE NOT REQUIRED;
GRANT ROLE editor TO myapp_user;
SHOW USERS;
Whitelist New API Server IP
NEW_IP="x.x.x.x"
for port in 5432 27017 6333 6334 7687 6379; do
ufw allow from "$NEW_IP" to any port "$port" proto tcp
done
sudo /srv/databases/scripts/apply-docker-user-rules.sh
systemctl restart docker-user-firewall.service
Connection Pack (send to developer)
═══════════════════════════════════════════════════
Bizfy Labs DB Access — my-saas-app
═══════════════════════════════════════════════════
Host: db.bizfylabs.com
Your IP: 72.60.223.44 ← whitelisted
DATABASE_URL=postgresql://myapp_user:PASSWORD@db.bizfylabs.com:5432/myapp_db
MONGODB_URI=mongodb://myapp_user:PASSWORD@db.bizfylabs.com:27017/myapp_db?authSource=myapp_db
REDIS_URL=redis://myapp_user:PASSWORD@db.bizfylabs.com:6379
QDRANT_URL=http://db.bizfylabs.com:6333
QDRANT_API_KEY=YOUR_KEY
NEO4J_URI=bolt://db.bizfylabs.com:7687
NEO4J_USER=myapp_user
NEO4J_PASSWORD=PASSWORD
Docs: https://db.bizfylabs.com/docs/
═══════════════════════════════════════════════════
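The pack above embeds passwords inside URIs, where characters such as @, : or / would be read as delimiters unless percent-encoded. The following is an added example, not part of the original guide or Bizfy Labs tooling: it generates one random password per service and renders the pack's variables with the passwords encoded. The function names and the one-password-per-service choice are assumptions; host, ports and variable names are taken from the pack.

```python
import secrets
from urllib.parse import quote, unquote, urlsplit

HOST = "db.bizfylabs.com"  # host from the connection pack above


def new_password(nbytes: int = 24) -> str:
    """Return a random password from the OS CSPRNG (24 bytes = 192 bits)."""
    return secrets.token_urlsafe(nbytes)


def connection_pack(user: str, db: str, pw: dict) -> dict:
    """Build the pack's env variables; pw maps service name -> password.

    Passwords are percent-encoded wherever they sit inside a URI, so
    reserved characters cannot be misparsed as URI delimiters.
    """
    enc = {svc: quote(p, safe="") for svc, p in pw.items()}
    return {
        "DATABASE_URL": f"postgresql://{user}:{enc['postgres']}@{HOST}:5432/{db}",
        "MONGODB_URI": f"mongodb://{user}:{enc['mongodb']}@{HOST}:27017/{db}?authSource={db}",
        "REDIS_URL": f"redis://{user}:{enc['redis']}@{HOST}:6379",
        "NEO4J_URI": f"bolt://{HOST}:7687",
        "NEO4J_USER": user,
        "NEO4J_PASSWORD": pw["neo4j"],  # plain value, not part of a URI
    }


def password_in(uri: str) -> str:
    """Decode the password a client library would extract from the URI."""
    return unquote(urlsplit(uri).password)


if __name__ == "__main__":
    # Assumption: a distinct secret per service, so one leak does not expose all.
    pw = {svc: new_password() for svc in ("postgres", "mongodb", "redis", "neo4j")}
    pack = connection_pack("myapp_user", "myapp_db", pw)
    # Round-trip check before sending: each URI must yield the original password.
    assert password_in(pack["DATABASE_URL"]) == pw["postgres"]
    for key, value in pack.items():
        print(f"{key}={value}")
```

The unencoded values in pw are what go into CREATE USER, db.createUser and ACL SETUSER; only the URI copies are encoded.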
Read-only Users (all databases)
| Database | How |
|---|---|
| PostgreSQL | GRANT SELECT only — see postgres.html |
| MongoDB | Role read — see mongodb.html |
| Redis | +@read -@dangerous — see redis.html |
| Qdrant | Same API key; app uses read-only SDK calls only |
| Neo4j | GRANT ROLE reader — see neo4j.html |