Table of Contents Previous Next


4 General Database Administration : 4.3 Managing Security

4.3 Managing Security
When you connect to the PEM server, you must provide role credentials that allow access to the PostgreSQL database on which the PEM server stores data. By default, the postgres superuser account is used to initially connect to the server, but it is strongly recommended (for both security and auditing purposes) that individual roles are created for each connecting user.
You can use the PEM Query Tool, a command line client (like psql), or the PEM client Create – Login/Group Role dialog to create a role. To access the Create – Login/Group Role dialog, connect to the server with the PEM client, expand the tree control, and right-click on the Login/Group Roles node; then, select Login Role… from the Create menu (see Figure 4.3).
C:\Users\susan\Desktop\Screen Shot 2017-11-09 at 10.00.23 AM.png
Use the CreateLogin/Group Role dialog (see Figure 4.4) to define the role. When you've finished, click Save to save the new role definition.
C:\Users\susan\AppData\Local\Temp\vmware-susan\VMwareDnD\93baab47\Screen Shot 2017-11-09 at 10.03.32 AM.png
To modify the properties of an existing login role, right click on the name of a login role in the tree control, and select Properties from the context menu. To delete a login role, right click on the name of the role, and select Delete/Drop from the context menu.
Use the Group Roles node (located beneath the name of each registered server in the PEM tree control) to create and manage group roles. Options on the context menu provide access to a dialog that allows you to create a new role or modify the properties of an existing role. You can find more information about creating roles at:
When you register a server for monitoring by PEM, you can specify a Team role that will be associated with the server. A Team role is a group role that can be used to allow or restrict access to one or more monitored servers to a limited group of role members. The PEM client will only display a server with a specified Team to those users who are:
To open the New Group Role dialog and create a team role, right-click on the Group Roles node of the tree control and select New Group Role… from the context menu. When the New Group Role dialog opens, use the fields provided to specify the properties of the team role. For more information about creating a Team role, see the PEM Installation Guide, available at:
A role must be granted sufficient privileges before accessing, executing, or creating any database object. PEM allows you to assign (GRANT) and remove (REVOKE) object permissions to group roles or login accounts using the graphical interface of the PEM client.
The PEM client also contains a Grant Wizard (accessed through the Tools menu) that allows you to manage many object permissions at once.

4 General Database Administration : 4.3 Managing Security

Table of Contents Previous Next