Security and roles v4
Beyond basic package installation and configuration, HARP requires Postgres permissions to operate. These allow it to gather information about Postgres or BDR as needed to maintain node status in the consensus layer.
Postgres permissions
Create the role specified in the node.dsn
parameter in one
of the following ways:
CREATE USER ...
CREATE ROLE ... WITH LOGIN
This syntax ensures the role can log into the database to gather diagnostic information.
Similarly, an entry must exist in pg_hba.conf
for this role. You can do this in
many ways. As an example, consider a VPN subnet where all database hosts are
located somewhere in 10.10.*
. In such a case, the easiest approach is to add
a specific line: