PostgreSQL provides default roles that provide access to privileged capabilities and information.
With the newly-defined ibm-cloud-admin role as one of the default roles in IBM Cloud® Hyper Protect DBaaS, database admins have more privileges and can grant roles to other users or roles.
What is the ibm-cloud-admin role?
When you create a Hyper Protect DBaaS for PostgreSQL service instance in IBM Cloud, you are the admin user and are automatically given the ibm-cloud-admin role.
Why do I need this role?
Hyper Protect DBaaS for PostgreSQL, as a highly secure and managed cloud database service, doesn’t grant database admins the super user role. However, super user privileges are required for many operations. The ibm-cloud-admin role is designed to support you to complete the operations without the super user role.
What can I do with this role?
Resources that are created by users in the ibm-cloud-admin role are not accessible by other users, unless they are granted required permissions.
The biggest difference between the ibm-cloud-admin role user and other users you add to your service instance is the pg_monitor and pg_signal_backend roles. The pg_monitor role provides a set of permissions for monitoring the database server. The pg_signal_backend role provides the ability to send signals to cancel queries and connections initiated by other users except database superusers.
You can grant these two roles to other users or roles.For example, you can grant the pg_monitor role to user deb. You can also grant pg_monitor to all the users with the admin role.
For more information and detailed instructions, see Managing users, roles, and privileges.
More about IBM Cloud Hyper Protect DBaaS
IBM Cloud Hyper Protect DBaaS offers a highly secure and managed databases — including PostgreSQL and MongoDB Enterprise Server — and provides a high level of data confidentiality for your sensitive data in the IBM Cloud.
Go to the IBM Cloud Catalog to try out the 30-day free plan for Hyper Protect DBaaS. You can choose between two database options:
Check out the Getting Started with IBM Cloud Hyper Protect DBaaS and Bring Your Own Key to IBM Cloud Hyper Protect DBaaS videos in the IBM Demos Collection.