Security and Permission

📄️ Manage Roles and Privileges

The Cloudberry Database authorization mechanism stores roles and privileges to access database objects in the database and is administered using SQL statements or command-line utilities.

📄️ Configure Client Authentication

This topic explains how to configure client connections and authentication for Cloudberry Database.

📄️ Configure Row-Level Security Policy

Row-level security (RLS) policy allows the table owner to define access policies that control users' access to specific rows of the table. When a user tries to query or update a table, the RLS policy will be applied first before any user command is executed to truncate the rows in the table.

📄️ Protect Passwords

In its default configuration, Cloudberry Database saves MD5 or SCRAM-SHA-256 hashes of login users' passwords in the pgauthid system catalog rather than saving clear text passwords. Anyone who is able to view the pgauthid table can see hash strings, but no passwords. This also ensures that passwords are obscured when the database is dumped to backup files.

📄️ Set Password Profile

Profile refers to the password policy configuration, which is used to control the password security policy of users in Cloudberry Database. You can bind a profile to one or more users to control the password security policy of database users. Profile defines the rules for user management and password reuse. With Profile, the database administrator can use SQL to force some constraints, such as locking accounts after login failures or controlling the number of password reuses.

📄️ Transparent Data Encryption

To meet the requirements for protecting user data security, Cloudberry Database supports Transparent Data Encryption (TDE).