7.1. Manager and Agent

The manager is standard application software and does not require privileged access to operating system features. The manager service can operate fully when running under a non-privileged operating system user.

To work with the repository, the manager needs a separate database where service information is stored. A DBMS user with the following rights is also required:

  • The right to LOGIN to the instance.

  • The repository database rights:

    • the ownership of the database

    • the right to connect to the database

    • no restrictions on access rights within the database (to perform migrations in the data schema)

The agent is standard application software that requires the following for full operation:

  • access to operating system features

  • access to the managed DBMS instance

To implement most features, the agent only requires the access level of a non-privileged operating system user. There is a small number of features that require privileged access. To maintain this functionality, additional system configuration and granting of the necessary rights are required. Without the configuration and privileges, the agent cannot perform operations, which adversely affects PPEM functionality. It is recommended to complete all necessary configurations before running the agent.

Access to the managed DBMS instance can be divided into the following parts:

  • Access to files and directories of the DBMS instance, which is provided using operating system access levels. The user on whose behalf the agent is running must have access to the main data directory.

    Note

    By default, the main data directory is initialized by the postgres owner with 0600 rights, so most DBMS installations restrict access to this configuration. Therefore, the optimal operational approach is to run the agent under the postgres system user.

  • Access to the SQL interface of the DBMS instance, for which the agent requires a DBMS user with the following rights:

    • the right to LOGIN to the instance

    • the right to connect to all instance databases

    • the membership of the pg_monitor and pg_signal_backend roles
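
The DBMS-side rights listed above for the manager and the agent, written out as SQL with a final check that the agent role holds exactly what is listed. This is an added example, not taken from the PPEM documentation: the role names ppem_manager and ppem_agent, the database name ppem_repo and the passwords are hypothetical placeholders, and the REVOKE from PUBLIC is an optional hardening step the page does not mention.

```sql
-- Added example; all role/database names and passwords are hypothetical placeholders.

-- 1. Repository instance: manager role that owns the repository database.
CREATE ROLE ppem_manager LOGIN PASSWORD 'CHANGE_ME_MANAGER';
CREATE DATABASE ppem_repo OWNER ppem_manager;
-- Ownership gives the manager unrestricted rights inside ppem_repo (needed for
-- schema migrations). Optional hardening (assumption): stop other roles from
-- connecting through the default PUBLIC grant.
REVOKE ALL ON DATABASE ppem_repo FROM PUBLIC;
GRANT CONNECT ON DATABASE ppem_repo TO ppem_manager;

-- 2. Managed instance: agent role without superuser or role/database creation rights.
CREATE ROLE ppem_agent LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE
    PASSWORD 'CHANGE_ME_AGENT';
GRANT pg_monitor, pg_signal_backend TO ppem_agent;

-- CONNECT is granted per database, so loop over every database that accepts
-- connections (template0 is skipped because datallowconn is false).
DO $$
DECLARE
    db name;
BEGIN
    FOR db IN SELECT datname FROM pg_database WHERE datallowconn LOOP
        EXECUTE format('GRANT CONNECT ON DATABASE %I TO ppem_agent', db);
    END LOOP;
END
$$;

-- 3. Verify the agent role: can log in, is not a superuser, is a member of
-- both predefined roles, and can connect to every connectable database.
SELECT r.rolname,
       r.rolcanlogin                                              AS can_login,
       r.rolsuper                                                 AS is_superuser,
       pg_has_role(r.rolname, 'pg_monitor', 'MEMBER')             AS in_pg_monitor,
       pg_has_role(r.rolname, 'pg_signal_backend', 'MEMBER')      AS in_pg_signal_backend,
       (SELECT bool_and(has_database_privilege(r.rolname, d.datname, 'CONNECT'))
          FROM pg_database d
         WHERE d.datallowconn)                                    AS connect_all_dbs
  FROM pg_roles r
 WHERE r.rolname = 'ppem_agent';
```

Databases created after the loop has run are covered only while the default PUBLIC CONNECT grant is in place; where that grant has been revoked, re-run step 2's loop and the verification query.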