Granting Database Access to MC Users
If you did not grant an MC user a database-level role when you created the user account, you can do so in the User Management tab in MC Settings.
Granting the user an MC database-level role associates the MC user with a database user's privileges and ensures that the MC user cannot do or see anything not allowed by the privileges set up for the user account on the server database. When that MC user logs in to MC, his or her MC privileges for database-related activities are compared to that user's privileges on the database itself. Only when the user has both MC privileges and corresponding database privileges will the operations be exposed in the MC interface.
Prerequisites
Before you grant database access to an MC user, see the prerequisites in Creating an MC User.
Grant a Database-Level Role to an MC user
- Log in to Management Console as an administrator and navigate to MC Settings > User management.
- Select an MC user and click Edit.
- Verify the MC Configuration Privileges are what you want them to be. NONE is the default.
-
Next to the DB access levels section, click Add and provide the following database access credentials:
- Choose a database. Select a database from the list of MC-discovered (databases that were created on or imported into the MC interface).
- Database username. Enter an existing database user name or, if the database is running, click the ellipsis […] to browse for a list of database users, and select a name from the list.
- Database password. Enter the password to the database user account (not this username's password).
- Restricted access. Choose a database level (ADMIN, IT, or USER) for this user.
- Click OK to close the Add permissions dialog box.
- If the Vertica database is configured to require TLS, select Yes in the Use TLS Connection drop-down. MC launches the Certificates wizard to let you configure TLS. See Completing the MC Certificates Wizard.
- Optionally change the user's Status (enabled is the default).
- Click Save.
How MC Validates New Users
After you click OK to close the Add permissions dialog box, MC tries to validate the database username and password entered against the selected MC-managed database or against your organization's LDAP directory. If the credentials are found to be invalid, you are asked to re-enter them.
If the database is not available at the time you create the new user, MC saves the username/password and prompts for validation when the user accesses the Database and Clusters page later.