Roles for managing PEM

Users that are members of the pem_user role can access PEM web interface; they may view dashboards, change the database server connection options, but they will not be able to install agents or configure the server directory, alerts, probes, or run any of the wizard/dialog based components of PEM.

users that are a member of one of the following roles have permissions/privileges to manage/configure the PEM or to run one, or more specific component.

Role Parent Roles Permissions/Previleges
pem_comp_postgres_expert pem_component
pem_comp_log_analysis_expert pem_component
pem_comp_sqlprofiler pem_component
pem_manage_efm pem_admin
  • Replace the cluster master using EFM
pem_comp_capacity_manager pem_component
pem_comp_log_manager pem_component
pem_comp_audit_manager pem_component
pem_comp_package_deployment pem_component
pem_comp_streaming_replication pem_component
pem_comp_tuning_wizard pem_component
pem_comp_auto_discovery pem_component
  • Register the database server discovered by the PEM Agents by running Auto Discovery dialog
pem_server_service_manager pem_admin
  • Access the server service for restart/reload purpose.

NOTE: Some roles pem_comp_log_manager, pem_comp_tuning_wizard, pem_comp_streaming_replication, pem_comp_audit manager inherit this role for accessing the service of the database server.

pem_manage_schedule_task pem_admin
  • View, delete the scheduled tasks created by different components of Postgres Enterprise Manager.

NOTE: Users who has pem_server_service_manager, pem_comp_sqlprofiler and pem_manage_efm inherits this role automatically, as they create a scheduled tasks for different purposes.

pem_component pem_admin
  • Run all the components based on dialog/wizard.
pem_config_alert pem_config, pem_manage_alert
  • Define the alerts on monitored objects.
pem_manage_alert pem_admin
  • Define/modify the user-defined alert templates.
pem_config_probe pem_config, pem_manage_probe
  • Change the execution frequency, enable/disable the probe on applicable monitored objects (i.e. server, agent, database, etc.), and the history retention period for the probes for a particular monitored object.
pem_manage_probe pem_admin
  • Define/modify the user-defined probes.
pem_database_server_registration pem_admin
  • Register a database server with Postgres Enterprise Manager.
pem_config pem_admin
  • Run the Server Configuration dialog, and modify the configurations of Postgres Enterprise Manager.
  • Inherits the permissions, privileges of the pem_config_alert and pem_config_probe roles.
pem_rest_api pem_admin
  • Access to the REST API of Postgres Enterprise Manager.
pem_admin pem_super_admin
  • Access to all the active servers, and agents visible to this user.
  • Bind an agent with a database server for monitoring.
  • Inherits the permissions, privileges for the pem_config, pem_manage_alert, pem_manage_probe, pem_component, pem_database_server_registration, pem_manage_schedule_task, pem_server_service_manager, pem_manage_efm, pem_rest_api roles.
pem_super_admin  
  • Access to all the active servers, and agents
  • Define the team for the servers, and agents by changing Team field in the server, and agent properties dialog.
  • Inherits all permissions and privileges of pem_admin role.

NOTE: Parent role automatically inherits the permissions and privileges of the children role.