Users, roles, and privileges in MC

If you are a Management Console (MC) administrator, you can use MC Settings to grant MC users privileges to one or more Vertica users.

A Management Console (MC) user is separate from a Linux system user or a Vertica server database user. An MC user account exists only within the MC. Each MC user account requires two sets of privileges:

  • MC configuration roles that grant access to MC functionality and user administration.
  • Database privileges that grant access to a database that is managed by the MC.

Default user

The MC SUPER administrator account is the only default user, and it is created when you configure the MC. The MC SUPER administrator is the only user that can set up federated servers or identity provider (IDP) user authentication. For additional details about MC SUPER administrator privileges, see Configuration roles in MC.

Authorization

You can control what a user is authorized to access in the MC and what actions a user can perform with their associated databases.

Configuration roles

Each MC configuration role is a predefined with a set of privileges that control what Management Console features the user can access. Configuration privileges include the following:

  • Modify MC settings
  • Create and import Vertica databases
  • Restart the MC
  • Create a Vertica cluster with MC
  • Create and administer user profiles

For details about each role, see Configuration roles in MC.

Database privileges

Database privileges are granted with predefined roles that determine what a user can access and the available actions on a Vertica database that is created by or imported to the MC. Database privileges include the following:

  • View the database cluster state
  • Access query and session activity
  • Monitor database messages
  • Read log files
  • Replace cluster nodes
  • Stop databases

For details about each role, see Database privileges.

Authentication

The Management Console supports multiple ways to authenticate users to the Management Console. The MC supports the following authentication methods:

  • Local: Users are authenticated internally in the MC.
  • Federated: Authenticate MC users with a Federation server.
  • Identity Provider (IDP): Authenticate MC users with your corporate identity provider.

For details about implementing each authentication method, see User authentication in MC.

In this section