This article describes Postgres user and role management within Crunchy Bridge.
Each Postgres instance provisioned within Crunchy Bridge will by default receive at least 3 Postgres roles.
Postgres role - This is your Postgres super user account. Administrators within the team have access to this role. It is not recommended to connect to your application with this role. Intended use of the Postgres role is for administrative functionality of users and permissions of your database. The Postgres user can enable new extensions. By default auditing with pgaudit is enabled for the Postgres role.
Application role - This is a role created that is intended to be connect to your application. Administrators and managers within the team have access to this role. This role has standard permissions to create/modify/destroy tables, insert data, and perform most general operations against your database. By default auditing of the commands run by this role within your Postgres database are disabled.
Individual user roles - On Crunchy Bridge, all members of a team receive a unique user credential to connect to their Crunchy Bridge database. Default permissions for the user role is defined by the "Default database role access" in the Team Settings. This is set when a team is initially created and can be modified by a team administrator:
To change permissions on existing roles or for more fine-grained control over
permissions, an administrator with the
postgres user role can connect and
change the privileges for a specific role. For example, assuming the default for
new members had been changed to Write access but you wish to restrict a
particular role to read-only access, an administrator could run the following
REVOKE crunchy_write FROM <user_role>; GRANT crunchy_read TO <user_role>;
For more information on team management see the team article.