Database Access Rules Configuration
Given an already created instance (Cluster Initialization), PostgreSQL provides mechanisms that allow limiting access to data. This is the first level of security for the PostgreSQL instance, which will determine whether a connection can be opened or not.
Client authentication is controlled by the pg_hba.conf configuration file, also stored in the cluster's data directory (hba stands for host-based authentication). A default pg_hba.conf file is installed when the cluster is initialized.
In the Access Rules configuration, it will be possible to specify the type of connection, the name(s) of the Database(s), the identification of user(s) or group(s), the subnet or authorized host, and the authentication method.
-
All components installed.
pgsmart cluster config [Flags]
Flags:
-D, --pgdata=<path> [Default: data].=> PostgreSQL instance Data Directory.-M, --pgversion=(11|12|13|14|15).=> Major version of PostgreSQL.-a, --agent= <agent>. => Alias, hostname, or IP of the server where a PgSmart Agent is installed.-h, --help. => Help
Non-interactive execution is disabled for this operation.
pgsmart cluster config
Configuring Cluster Access Rules
-
Select the
PgSmart Agent(or register new Agent). -
Select
Instance settingsfrom the options menu. -
Select the
PostgreSQL instance Data Directoryfor which you want to configure access rules. -
Select the
Access Rulesoption.
When selecting the Access Rules option, the following operations will be available:
- List: Allows viewing existing access rules.
- Create: Allows creating a new access rule.
- Modify: Allows modifying an access rule.
- Duplicate: Allows duplicating an access rule.
- Remove: Allows removing an access rule.
List Access Rules
- Instructions
- Video
-
Select the
Listoperation.The list of current Access Rules will be displayed.
Figure 1 - Regras de Acesso - Lista
Create an Access Rule
- Instructions
- Video
-
Select the
Createoperation. -
Select the
type of access rule. -
Specify
which databases will be covered by the new Access Rule. (Default: all - any local host connection will enter for any database.) -
Specify the
users or groups that will be covered by the new Access Rule(Default: all - everyone) -
Specify the
subnetor authorizedhost. -
Select the
Authentication Method -
Confirm the creation of the new Access Rule.
-
Confirm the
Reloadfor the new Access Rules to take effect.
Figure 2 - Regras de Acesso - Cria
Modify an Access Rule
- Instructions
- Video
- Select the
Modifyoperation.
Upon selecting this action, PgSmart will provide a list of valid access rules.
-
Select the
Ruleyou want to modify. -
Adjust the desired item(s) in the sequence of options that will be presented, confirming each item with an [Enter].
-
Confirm the modification of the Access Rule.
-
Confirm the
Reloadof the PostgreSQL instance.
Figure 3 - Regras de Acesso - Altera
Remove an Access Rule
- Instructions
- Video
- Select the
Removeoperation.
Upon selecting this action, PgSmart will provide a list of valid access rules.
-
Select the
Access Ruleyou wish to remove. -
Confirm the removal.
-
Confirm the RELOAD of the PostgreSQL instance.
Figure 4 - Regras de Acesso - Remove
Duplicate an Access Rule
- Instructions
- Video
- Select the
Duplicateoperation.
Upon selecting this action, PgSmart will provide a list of valid access rules.
-
Select the
ruleyou wish to duplicate. -
Adjust each option presented for the new rule, confirming each item with an [Enter]:
-
Confirm the duplication of the Access Rule.
-
Confirm the
Reloadof the PostgreSQL instance.
Figure 5 - Regras de Acesso - Duplica
-
To implement actions on Access Rules, it is necessary to perform the RELOAD of the PostgreSQL instance.
-
This option is given by PgSmart at the time of confirming operations.
-
If the
Reloadis not confirmed, the configuration will remain in the file until the reload of the instance is executed.