Verify the security of database users and accounts used with vRealize Automation.

Postgres User

The postgres linux user account is tied to the postgres database superuser account role, by default it is a locked account. This is the most secure configuration for this user as it is only accessible from the root user account. Do not unlock this user account.

Database User Account Roles

The default postgres user account roles should not be utilised for uses outside of application functionality. In order to support non-default database review or reporting activities, an additional account should be created and password appropriately protected.

Run the following script in the command line:

vcac-vami add-db-user newUsername newPassword

This will add a new user and a password provided by the user.

Note:

This script must be ran against the master postgres database in the cases when master-slave HA postgres setup is configured.