Security Parameters
Use these client authentication configuration parameters and general security parameters to configure security.
Parameters | Description |
---|---|
DataSSLParams | Enables encryption using SSL on the data channel. The value of this parameter is a comma-separated list of the following: You cannot set this parameter if the EncryptSpreadComm parameter has not been set. Enabling this parameter requires a restart. Example: SELECT SET_CONFIG_PARAMETER('DataSSLParams', |
DefaultIdleSessionTimeout | Indicates a default session timeout value for all users where Example: ALTER DATABASE DEFAULT SET defaultidlesessiontimeout = '300 secs'; |
DoUserSpecificFilteringInSysTables | Specifies whether a non-superuser can view details of another user, one of the following: |
EnableAllRolesOnLogin | Automatically enables all roles granted to a user on login, one of the following: |
EnabledCipherSuites | Specifies which SSL cipher suites to use for secure client-server communication. Default Value: This setting excludes weaker cipher suites. For a complete mapping of cipher suite names from JSSE to OpenSSL, see openssl.org. |
EnableSSL | Enables SSL for the server, set to one of the following: For example: ALTER DATABASE DEFAULT SET EnableSSL = '1'; For details, see Implementing SSL. |
EncryptSpreadComm | Enables encryption on the control channel. The value of this parameter is a string set to one of the following: Enabling this parameter requires a restart. If the parameter is empty, encryption will not occur. Example: SELECT SET_CONFIG_PARAMETER('EncryptSpreadComm', 'vertica'); |
GlobalHeirUserName | A string that specifies which user inherits objects after their owners are dropped. This setting ensures preservation of data otherwise lost. Set this parameter to one of the following string values: See below for an example. |
RequireFIPS | Specifies whether the FIPS mode is enabled or disabled. You cannot modify this parameter. The value of this parameter matches the contents of the file 0 - Disabled FIPS 1 - Enabled FIPS For details, see Implement FIPS on the Server. |
SecurityAlgorithm | Sets the algorithm for the function that hash authentication uses, one of the following: For example: ALTER DATABASE DEFAULT SET SecurityAlgorithm = 'SHA512'; Default Value: |
SSLCA | Sets the SSL certificate authority. Include the contents of the certificate authority ALTER DATABASE DEFAULT SET SSLCA = 'contents of root.crt file'; |
SSLCertificate | Sets the SSL certificate. Include the contents of the For example: ALTER DATABASE DEFAULT SET SSLCertificate = 'contents of server.crt file'; |
SSLPrivateKey | The server's private key, visible only to dbadmin users. This parameter is set to the contents of the ALTER DATABASE DEFAULT SET SSLPrivateKey = 'contents of server.key file'; |

Examples
Set security parameter value GlobalHeirUserName:

```
=> \du
    List of users
 User name | Is Superuser
-----------+--------------
 Joe       | f
 SuzyQ     | f
 dbadmin   | t
(3 rows)

=> ALTER DATABASE DEFAULT SET PARAMETER GlobalHeirUserName='SuzyQ';
ALTER DATABASE
=> \c - Joe
You are now connected as user "Joe".
=> CREATE TABLE t1 (a int);
CREATE TABLE
=> \c
You are now connected as user "dbadmin".
=> \dt t1
               List of tables
 Schema | Name | Kind  | Owner | Comment
--------+------+-------+-------+---------
 public | t1   | table | Joe   |
(1 row)

=> DROP USER Joe;
NOTICE 4927: The Table t1 depends on User Joe
ROLLBACK 3128: DROP failed due to dependencies
DETAIL: Cannot drop User Joe because other objects depend on it
HINT: Use DROP ... CASCADE to drop the dependent objects too
=> DROP USER Joe CASCADE;
DROP USER
=> \dt t1
               List of tables
 Schema | Name | Kind  | Owner | Comment
--------+------+-------+-------+---------
 public | t1   | table | SuzyQ |
(1 row)
```
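The constraints stated in the parameter table can be checked against a snapshot of current values. The following is an added example, not part of the original page or of Vertica: the snapshot format, the function names and the sample values are hypothetical, and the certificate/key and SHA512 checks are assumptions that go beyond what the table states.

```python
# Added example, not Vertica code. The snapshot format (name -> current value)
# and every function name here are hypothetical.

def is_set(params, name):
    """True when the parameter is present and not an empty string."""
    return bool((params.get(name) or "").strip())

def audit_security_params(params):
    """Return (parameter, finding) tuples for one parameter snapshot."""
    findings = []
    # Control channel: an empty EncryptSpreadComm means no encryption.
    spread = is_set(params, "EncryptSpreadComm")
    if not spread:
        findings.append(("EncryptSpreadComm", "empty: control channel unencrypted"))
    # Data channel: DataSSLParams cannot be set before EncryptSpreadComm.
    if not is_set(params, "DataSSLParams"):
        findings.append(("DataSSLParams", "empty: data channel unencrypted"))
    elif not spread:
        findings.append(("DataSSLParams", "set without EncryptSpreadComm"))
    # Client-server SSL: '1' is the enabling value in the page's example.
    if (params.get("EnableSSL") or "").strip() != "1":
        findings.append(("EnableSSL", "not '1': client-server SSL is off"))
    else:
        # Assumption beyond the table: an SSL-enabled server needs both
        # its certificate and its private key.
        for name in ("SSLCertificate", "SSLPrivateKey"):
            if not is_set(params, name):
                findings.append((name, "empty while EnableSSL = '1'"))
    # Policy assumption: require the SHA512 value from the page's example.
    algo = (params.get("SecurityAlgorithm") or "").strip().upper()
    if algo != "SHA512":
        findings.append(("SecurityAlgorithm", f"{algo or 'unset'}: expected SHA512"))
    return findings

# Constructed snapshot with placeholder values, not output from a real database.
SAMPLE = {
    "EncryptSpreadComm": "",
    "DataSSLParams": "constructed-placeholder",
    "EnableSSL": "1",
    "SSLCertificate": "constructed-placeholder",
    "SSLPrivateKey": "",
    "SecurityAlgorithm": "MD5",
}

if __name__ == "__main__":
    for name, finding in audit_security_params(SAMPLE):
        print(f"{name}: {finding}")
```

Because EncryptSpreadComm and DataSSLParams both require a restart, run a check like this against the values the database reports after the restart.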