PEM Security Setups

EDB Team Member

[Section A]

Create new, separate user logins for PEM (instead of everyone using the default postgres login)

1) Under the PEM Server Directory branch, navigate to the group/login roles under the server that hosts the pem database

2) In that branch, under your database, create a new login role (e.g. Dbatest)

3) Assign login privileges

4) Assign membership of pem_user

 

[Section B]

Create Secure Server connection to limit monitoring access

Right-click on the Postgres Enterprise Manager Server branch and choose to create a new server connection.

  • Specify the name of a ‘team’. The team name provided will be used to control access to this server connection (e.g. UAT95, Prod, etc.).

 

[Section C]

Create Team Roles to limit server access

[This can be used to allow specific users to only monitor specific servers]

  • Under the Postgres Enterprise Manager Server branch, navigate to the group/login roles under the database, then choose to create login/group roles.

[Note: the permissions given determine whether you are creating a login or a group. A group must have no privileges and is only assigned a membership; a login, which is a user login, will have privileges.]

Create the team role used in Section B (‘uat95’, or the name you chose)

     1b)   For the team role, do not assign any privileges; only assign membership of pem_user, pem_admin or pem_agent for specific access control within PEM

 

[Section D]

Create New/separate secure login with restricted access to specific servers

  • Complete new user login steps from section A
  • Assign additional membership – select the team role name created in Section C (e.g. ‘uat95’)

[This user will only be able to see the PEM server and the server defined with role uat95]
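
The role setup from Sections A, C and D can also be written as plain PostgreSQL statements, followed by an audit query to confirm the result. This is an added example, not part of the original post: it assumes it is run on the server hosting the pem database by a superuser or a role allowed to create roles and grant pem_user, it uses the post's sample names dbatest and uat95, and the password is a placeholder. The Team field from Section B is still set on the server connection in the PEM client.

```sql
-- Added example: SQL equivalent of the GUI steps in Sections A, C and D.
BEGIN;

-- Section A: a personal login instead of the shared postgres login.
-- Placeholder password; set the real one afterwards with psql's \password
-- so it does not end up in statement logs or shell history.
CREATE ROLE dbatest LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE
    PASSWORD 'CHANGE_ME_placeholder';
GRANT pem_user TO dbatest;

-- Section C: the team role is a group, so it cannot log in and has no
-- privileges of its own, only a PEM role membership.
CREATE ROLE uat95 NOLOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE;
GRANT pem_user TO uat95;

-- Section D: restrict the login to servers whose Team is uat95.
GRANT uat95 TO dbatest;

COMMIT;

-- Audit: every login role with its direct and inherited memberships.
-- Review any login showing rolsuper or rolcreaterole = true, or holding
-- pem_admin / pem_agent, against who is meant to administer PEM.
WITH RECURSIVE m AS (
    SELECT r.oid AS login_oid, r.rolname AS login_name, r.oid AS role_oid
    FROM pg_roles r
    WHERE r.rolcanlogin
    UNION
    SELECT m.login_oid, m.login_name, am.roleid
    FROM m
    JOIN pg_auth_members am ON am.member = m.role_oid
)
SELECT m.login_name,
       l.rolsuper,
       l.rolcreaterole,
       array_agg(g.rolname ORDER BY g.rolname)
           FILTER (WHERE g.oid <> m.login_oid) AS member_of
FROM m
JOIN pg_roles l ON l.oid = m.login_oid
JOIN pg_roles g ON g.oid = m.role_oid
GROUP BY m.login_name, l.rolsuper, l.rolcreaterole
ORDER BY m.login_name;
```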

 

 

[Section E]

PEM Role Definitions

 

 

PEM User

Read-only users; they may view dashboards and use tools like the Postgres Expert and Capacity Manager, but they will not be able to install agents or configure the server, directory, alerts or probes. 

 

PEM Admin

The same read permissions as members of the pem_user role, plus sufficient privileges to configure the server, directory, alerts, and probes. 

 

 

PEM Agent

Explicitly granted the CREATE ROLE privilege. In addition to the permissions granted through membership in the pem_admin role, the CREATE ROLE privilege allows an administrator to create additional PEM users, and to install and register new agents.