Configuring Authentication for the Command Center Console
Configuring Authentication for the Command Center Console
The installation utility created the Greenplum Command Center database, enabled the data collection agents, and created a gpmon superuser. This is the Greenplum role used to manage the Command Center components and data within the Greenplum environment. The gpmon role is configured to use md5-encrypted password authentication to connect to the Greenplum Database instance. The gpmon role must be configured in pg_hba.conf to allow access to every database that will be monitored using the Command Center.
Greenplum Command Center does not accept logins from the gpadmin user, or from local users configured with trust authentication in the pg_hba.conf file. Allowing trust authentication for remote logins is discouraged because it is insecure.
There are three user levels in Greenplum Command Center.
- Regular user – Regular users may only view their own database queries and do not have access to the Administrative tab.
- Operator – Operators have access to more functionality in the Command Center Console than regular users, but they do not have to be a Greenplum Database superuser. Operators can view and cancel all queries and have limited access to administrative tasks. The Operator role must be created and users must be assigned to that role. The procedures are described below.
- Superuser – A Greenplum Database superuser can use all GPCC features, including viewing information for all database queries, system metrics, and administrative tasks.
The Command Center Console is configured by default to require md5-encrypted password authentication, so make sure each GPCC user role has an md5-encrypted password set.
If you are using Greenplum Database version 4.2.1 or higher, you have the option of using SHA-256-encrypted password authentication. You can specify SHA-256 authentication by changing the password_hash_algorithm server parameter. This parameter can be set either system-wide or on a session level.
Any other Greenplum Database users with appropriate privileges can access Command Center.
To create a new Command Center user, first you have to create a Greenplum Database user, then edit the pg_hba.conf file to give that user access to Command Center.
The following are steps to create new Command Center users.
See the Greenplum Database Administrator Guide for more detailed information about creating database users and roles.