Dbadmin authentication access

The dbadmin user must have access to the database at all times, and its authentication record should:.

The dbadmin user must have access to the database at all times, and its authentication record should:

  • Use one of the following authentication methods:

    • TRUST with a LOCAL access method

    • HASH

  • Have a high priority (e.g. 10,000) so it supersedes other authentication records like PUBLIC.

LOCAL TRUST

The following example creates an authentication record v_dbadmin_trust with a high priority and grants it to the dbadmin user. The combination of the TRUST method and LOCAL access method allow the dbadmin to authenticate to the database without a password if the connection is local:

=> CREATE AUTHENTICATION v_dbadmin_trust METHOD 'trust' LOCAL;
=> ALTER AUTHENTICATION v_dbadmin_trust PRIORITY 10000;
=> GRANT AUTHENTICATION v_dbadmin_trust TO dbadmin;

HASH

The following example creates an authentication record v_dbadmin_hash and grants it to the dbadmin user. The HASH method indicates that the dbadmin's password is hashed with the database's SECURITY ALGORITHM. The HOST '0.0.0.0/0' access method indicates that the dbadmin can connect remotely from any IPv4 address:

=> CREATE AUTHENTICATION v_dbadmin_hash METHOD 'hash' HOST '0.0.0.0/0';
=> ALTER AUTHENTICATION v_dbadmin_hash PRIORITY 10000;
=> GRANT AUTHENTICATION v_dbadmin_hash TO dbadmin;

If you want to authenticate as the dbadmin from a local connection, but want to use the authentication record with the HOST access method, specify the --host option with the hostname or IP address of the database:

$ vsql database_name user --host hostname_or_ip;