Security and Permission
๐๏ธ Manage Roles and Privileges
The Apache Cloudberry authorization mechanism stores roles and privileges to access database objects in the database and is administered using SQL statements or command-line utilities.
๐๏ธ Configure Client Authentication
This topic explains how to configure client connections and authentication for Apache Cloudberry.
๐๏ธ Configure Row-Level Security Policy
Row-level security (RLS) policy allows the table owner to define access policies that control users' access to specific rows of the table. When a user tries to query or update a table, the RLS policy will be applied first before any user command is executed to truncate the rows in the table.
๐๏ธ Protect Passwords
In its default configuration, Apache Cloudberry saves MD5 or SCRAM-SHA-256 hashes of login users' passwords in the pgauthid system catalog rather than saving clear text passwords. Anyone who is able to view the pgauthid table can see hash strings, but no passwords. This also ensures that passwords are obscured when the database is dumped to backup files.
๐๏ธ Set Password Profile
Profile refers to the password policy configuration, which is used to control the password security policy of users in Apache Cloudberry. You can bind a profile to one or more users to control the password security policy of database users. Profile defines the rules for user management and password reuse. With Profile, the database administrator can use SQL to force some constraints, such as locking accounts after login failures or controlling the number of password reuses.
๐๏ธ Transparent Data Encryption
To meet the requirements for protecting user data security, Apache Cloudberry supports Transparent Data Encryption (TDE).
