User authentication and roles
Managing user authentication and roles in RayDB ensures secure access control and proper permission management for your PostgreSQL clusters.
Teams and Membership
Each cluster in RayDB must belong to a Team. A user can create a team or be invited to one. Team membership determines access control across clusters within the team.
Team Roles
Each team member is assigned one of the following roles:
- Admin: Full access to manage clusters, invite members, and configure settings.
- Member: Can create, manage, and configure clusters but cannot invite new members.
- Viewer: Can only view cluster details without making changes.
Authentication Methods
RayDB supports the following authentication mechanisms:
- Password-Based Authentication: Users authenticate with a username and password.
- Role-Based Access Control (RBAC): Users are assigned roles that determine their permissions within a team.
Managing Users
Creating a New User
- Log in to the RayDB Dashboard.
- Navigate to the Teams section and select your team.
- Open the Members tab.
- Click Invite Member, enter their email, and select a role.
- Click Send Invitation to add the user to the team.
Updating User Credentials
- Users can reset their passwords via the Account Settings tab.
- Admins can change team roles via the Members tab.
Removing a Team Member
- Navigate to the Teams section and select the team.
- Open the Members tab.
- Select the user to remove and click Remove Member.
Best Practices
- Use the Least Privilege Principle: Assign only necessary permissions to users.
- Rotate Credentials Regularly: Ensure passwords are updated periodically.
- Monitor User Activity: Track authentication logs and access patterns for security auditing.
PostgreSQL Roles
Apart from team roles, RayDB also supports PostgreSQL roles for managing database-level access.
For more information on securing access, refer to Firewall Configuration.