Roles for managing PEM v7

You can use the Login/Group Role dialog to allow a role with limited privileges to access PEM features such as the Audit Manager, Capacity Manager, or SQL Profiler. PEM pre-defined roles allow access to PEM functionality; roles that are assigned membership in these roles can access the associated feature.

Role dialog membership tab

When defining a user, use the Membership tab to specify the roles in which the new user is a member. The new user will share the privileges associated with each role in which it is a member. For a user to have access to PEM extended functionality, the role must be a member of the pem_user role and the pre-defined role that grants access to the feature. Use the Roles field to select pre-defined role names from a drop down list.

Check the checkbox to the right of the role name to allow administrative access to the functionality.

The SQL tab displays the SQL command that the server will execute when you click Save.

Role based membership example

The examples shown above creates a login role named acctg_clerk that will have access to the Audit Manager; the role can make unlimited connections to the server at any given time.

You can use PEM pre-defined roles to allow access to the functionality listed in the table below:

ValueParent RoleDescription
pem_super_adminRole for administration/management/configuration of all the objects within Postgres Enterprise Manager console.
pem_adminpem_super_adminRole for administration/management/configuration of all the agents, servers, or monitored objects that are visible to a user having pem_admin role. A user with pem_admin role can view and manage only those objects where this role has been mentioned in the Team field under the server's properties.
pem_userRole for having read-only access to all the agents, servers, or monitored objects that are visible to a user having pem_user role. A user with pem_user role can view only those objects where this role has been mentioned in the Team field under the server's properties.
pem_configpem_adminRole for configuration management of Postgres Enterprise Manager.
pem_componentpem_adminRole to run/execute all wizard/dialog based components.
pem_rest_apipem_adminRole to access the REST API.
pem_server_service_managerpem_adminRole for allowing to restart/reload the monitored database server (if server-id provided).
pem_manage_schedule_taskpem_adminRole to configure the schedule tasks.
pem_manage_alertpem_adminRole for managing/configuring alerts, and its templates.
pem_config_alertpem_config, pem_manage_alertRole for configuring the alerts on any monitored objects.
pem_manage_probepem_adminRole to create, update, delete the custom probes, and change custom probe configuration.
pem_config_probepem_config, pem_manage_probeRole for probe configuration (history retention, execution frequency, enable/disble the probe) on all visible monitored objects.
pem_database_server_registrationpem_adminRole to register a database server.
pem_comp_postgres_expertpem_componentRole to run the Postgres Expert.
pem_comp_auto_discoverypem_componentRole to run the Auto discovery of a database server dialog.
pem_comp_log_analysis_expertpem_componentRole to run the Log Analysis Expert.
pem_comp_sqlprofilerpem_componentRole to run the SQL Profiler.
pem_manage_efmpem_adminRole to manage Failover Manager functionalities.
pem_comp_capacity_managerpem_componentRole to run the Capacity Manager.
pem_comp_log_managerpem_componentRole to run the Log Manager.
pem_comp_audit_managerpem_componentRole to run the Audit Manager.
pem_comp_tuning_wizardpem_componentRole to run the Tuning Wizard.
pem_comp_bartpem_componentRole to configure and manage BART server.

Note

The difference between pem_admin role and pem_super_admin role is that a user with pem_admin role can view and manage only those objects where the role has been mentioned in the Team field under the server's properties, while a user with pem_super_admin role can view and manage all the objects within Postgres Enterprise Manager console.