Defining access policies

Govern how users connect to the cluster and manage global privileges through a centralized administrative suite. The Access Management panel on the left sidebar allows you to configure security rules and system thresholds that are typically managed via command-line configuration files.

Important

Access to this panel is restricted to users with the Admin role privilege.

Governing authentication rules and the cluster firewall

Use the pg_hba.conf tab to monitor the rules that determine who can connect to the database and from where.

  • Review the Total Rules, Trust Rules, MD5 Rules, and Reject Rules counts in the header. A high Trust Rules count indicates rules that allow passwordless access. Consider transitioning these to scram-sha-256 or md5 authentication to secure the cluster.
  • Audit the pg_hba.conf Entries table to ensure that only authorized address ranges are permitted.
  • A Security Notice alert appears automatically when trust-based rules are detected.

Managing cluster identities and global privileges

Enforce the principle of least privilege and monitor the security posture of your user landscape using the Roles tab.

  • Monitor the Superusers count in the header to ensure unrestricted access is kept to an absolute minimum. If this count increases, audit the Database Roles table to identify which accounts were granted unrestricted access.
  • Use the Total Roles, Login Roles, and Group Roles header metrics to understand the composition of your role landscape. The Login/Group Roles column in the table distinguishes login-capable accounts from group roles at a glance.
  • Inspect the Attributes column in the Database Roles table to verify which roles can perform sensitive actions like CREATEDB or CREATEROLE. Monitor the Conn. Limit column to prevent any single role from exhausting the cluster session pool.
  • Create, edit, or delete a role by using the action buttons in the Database Roles table. The Members and Member Of columns show role membership relationships at a glance, and the create and edit form includes a Role Membership section for managing these relationships directly.

Auditing system settings

Use the System Settings tab to verify the operational thresholds and performance tunings of your cluster.

  • Use the search interface or the category filter to find specific parameters.
  • Check the Value, Unit, Source, and Source File columns to verify the current value of a setting and where it was set.

Note

This interface is read-only for auditing purposes. To modify a setting, use the gpconfig utility. For example: gpconfig -c statement_timeout -v 10000. After making changes, apply them by reloading the configuration: gpstop -u.

Modifying authentication rules

Use the HBA Editor tab to update your connection rules without leaving the management console.

  • Use the interactive editor to define new type, database, user, and method combinations. Since pg_hba.conf is parsed sequentially, ensure your more specific rules are placed above more general ones.
  • Local mode (when WEM is on the same host as the coordinator): select Save Changes to write the file and create an automatic backup, then click Reload Config in the page header to apply the changes without interrupting active sessions.
  • Remote mode (when WEM is on a different host): the editor can't access the file directly and reconstructs the current configuration from database entries. Select Generate Commands to open the Apply pg_hba.conf Changes dialog, which provides shell commands — including a backup step and a pg_reload_conf() call — that you copy and run directly on the coordinator.
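
The two checks described on this page, counting trust rules and keeping specific rules above general ones, can also be run offline against a copy of the file. The following Python script is an added example, not part of WEM: the sample entries are constructed, the function names are hypothetical, and it assumes CIDR addresses and a single database and user name per rule.

```python
import ipaddress

# Constructed sample pg_hba.conf content (not taken from a real cluster).
SAMPLE_HBA = """\
# TYPE  DATABASE  USER      ADDRESS         METHOD
local   all       gpadmin                   trust
host    all       all       10.0.0.0/8      scram-sha-256
host    sales     etl_user  10.1.2.0/24     reject
host    all       all       0.0.0.0/0       md5
"""

def parse_hba(text):
    """Parse rules. Assumption: CIDR addresses, one db and one user per rule."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if not f:
            continue
        local = f[0] == "local"
        net = None if local else ipaddress.ip_network(f[3], strict=False)
        rules.append({"line": lineno, "type": f[0], "db": f[1], "user": f[2],
                      "net": net, "method": f[3 if local else 4]})
    return rules

def covers(a, b):
    """True if earlier rule a matches every connection that later rule b can match."""
    same_type = a["type"] == b["type"] or (a["type"] == "host" and b["type"] != "local")
    if not same_type or a["db"] not in ("all", b["db"]) or a["user"] not in ("all", b["user"]):
        return False
    if a["net"] is None:  # both rules are "local" here, so there is no address to compare
        return True
    return a["net"].version == b["net"].version and b["net"].subnet_of(a["net"])

def audit(text):
    """Return (line numbers of trust rules, [(shadowed_line, shadowing_line), ...])."""
    rules = parse_hba(text)
    trust = [r["line"] for r in rules if r["method"] == "trust"]
    shadowed = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):  # first match wins, so `later` is never reached
                shadowed.append((later["line"], earlier["line"]))
                break
    return trust, shadowed

if __name__ == "__main__":
    trust, shadowed = audit(SAMPLE_HBA)
    print("trust rules at lines:", trust)
    for later, earlier in shadowed:
        print(f"line {later} is never reached: line {earlier} matches first")
```

In the sample, the reject rule on line 4 is reported because the broader 10.0.0.0/8 rule on line 3 matches first; moving it above line 3 clears the finding.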
