Security and Permission
📄️ Manage Roles and Privileges
The Cloudberry Database authorization mechanism stores roles and privileges to access database objects in the database and is administered using SQL statements or command-line utilities.
📄️ Configure Client Authentication
This topic explains how to configure client connections and authentication for Cloudberry Database.
📄️ Configure Row-Level Security Policy
Row-level security (RLS) policy allows the table owner to define access policies that control users' access to specific rows of the table. When a user tries to query or update a table, the RLS policy will be applied first before any user command is executed to truncate the rows in the table.
📄️ Protect Passwords
In its default configuration, Cloudberry Database saves MD5 or SCRAM-SHA-256 hashes of login users' passwords in the pgauthid system catalog rather than saving clear text passwords. Anyone who is able to view the pgauthid table can see hash strings, but no passwords. This also ensures that passwords are obscured when the database is dumped to backup files.
📄️ Set Password Profile
Profile refers to the password policy configuration, which is used to control the password security policy of users in Cloudberry Database. You can bind a profile to one or more users to control the password security policy of database users. Profile defines the rules for user management and password reuse. With Profile, the database administrator can use SQL to force some constraints, such as locking accounts after login failures or controlling the number of password reuses.
📄️ 透明数据加密
为了满足保护用户数据安全的需求,Cloudberry Database 支持透明数据加密(Transparent Data Encryption,简称 TDE)功能。