Managing users
A user can have roles and grants. A grant is set of privileges on a Security group , while roles are a set of grants on other roles or security groups.
A Security group is named a set of database instances and/or servers.
Four roles are predefined:
| Role | Description |
|---|---|
| Domain Manager | A role that gives privileges to edit the domain configuration. This is to change anything related to the setup of the dbWatch Control Center installation. This role cant be altered, removes, modified or have extra privileges added to it. |
| Security Manager | A role that gives privileges to edit the security system in dbWatch. |
| Super DBA | A role that gives all privileges on all the registered database instances. This role cant be altered, removes, modified or have extra privileges added to it. |
| DBA | A role that, by default, gives all privileges on all the registered database instances. But different from the “Super User” role, this can be changed, and the list of instances can be changed. |
You can also create your own roles.
The normal setup is to give users either the “DBA“ or “Super User” roles, and have the users that also configure security and setup of Control Center have the “Domain Manager”/“Security Manager” role.
For specific privileges look at the Privilege and actions map
It is recommended to enable 2 Factor Authentication for users, see details here .
Users can have an optional expires date
For specific privileges look at the Privilege and actions map