Roles Management options:
This is list of options inside Roles Management in Data Sources.
These options are inside given data source configuration file. For example: postgresTest-source_1.conf. The filename depends on the name of the data source → nameOfDataSource.conf.
⚠️ Note: You can use SHIFT with mouse scroll to scroll horizontally!
| Key | Requirements | Conf File field | Description | Possible values | Default |
|---|---|---|---|---|---|
| Database-Native Session Cleanup | - | databaseNativeSessionCleanup | By default, the Central Manager (CM) is responsible for clearing ephemeral user sessions. More information can be found in roles management | Boolean | - |
| Require Justification Pattern | - | justification.isRequired | Allows to make all session requests justification for current data source require to match given pattern. Toggling this option will override any global setting under Admin/Portal. Leaving 'regex pattern' empty can be used to disable the global setting. Invalid justification message should be provided to inform the requesting user how should justification look like. | Boolean | false |
| Regex Pattern | Require Justification Pattern | pattern | Provide a regex pattern that justification has to match. Ignored if empty. | String | - |
| Invalid justification message | Require Justification Pattern | errorMessage | Error message explaining what pattern should the justification match. | String | - |
| Filter system roles | - | filterDefinedRoles | If selected, predefined system roles for databases will not be displayed on the roles names list. | Boolean | false |
Next part of this section is used to manage roles in the database. In the configuration for a single entry with a role, you can specify a notification alias associated with an email group. This group will be informed when, for example, a session is requested for a particular role. Additionally, there are other options like the one to set the number of approvals needed to approve a specific role.
| Key | Requirements | Conf File field | Description | Possible values | Default |
|---|---|---|---|---|---|
| Role Name | - | roleName | Used to select a role from the database for which we want to create a configuration. | String | - |
| Notification Alias | - | notificationAlias | Here, you indicate the notification entry created in the Admin tab, which will be used to notify users associated with it when an action concerns the specified role. After clicking on the envelope icon next to it, you can view the list of emails associated with the specified notification. | String | - |
| Default Time | - | defaultTime | Specifies the default session duration for the given role. | Integer | 30 |
| Maximum Time | - | maximumTime | Determines the maximum time for which a particular role can be requested. Must be greater than default time. | Integer (see desc.) | 60 |
| Approvals Needed | - | approvalsNeeded | Used to specify the number of approvals required for the requested role to be approved. The default value is 1. You cannot set a value higher than the number of emails associated with the specified notification alias. If no emails are associated with the notification, the value is set to 0, and it cannot be changed. | Integer | 0 or 1 (see desc.) |
| Special Roles | ( Postgres only ) | specialRoles | Check to allow for special postgres roles present in this role such as 'rolsuper' or 'rolcreaterole' should be inherited. | Boolean | false |