Requesting from Slack

Open up the p0 request modal by typing the command /p0 request in any Slack channel and select PostgreSQL as the resource:

You'll see an "Access type" field with the option "Role".

• "Role": Select this option if you would like to request access to an existing PostgreSQL role. See Role Requests for details.

Role Requests

This will grant you the role for a certain amount of time and automatically remove the binding when the access expires.

PostgreSQL instance: The SQL instance you would like access to.

Role Name: The PostgreSQL role name is defined to control access and permissions within the database. The "Role Name" is typically associated with specific users or groups and determines their privileges and restrictions within the PostgreSQL instance. Please provide the appropriate "Role Name" associated with your access request; see PostgreSQL Roles for more details.

Reason: Optionally, provide a reason to be communicated to the approver(s).

Then click the button to submit the request, and see Next Steps.

Next Steps

Once you submit the request, you will get a Slack message from the p0 bot confirming your request creation. The p0 bot will also send a message to the approvers in the Slack channel designated by your org admin.

1. If your request is approved, you will receive a message from the p0 bot saying that your access has been granted and letting you know when it will expire. You can go ahead and use the permission.

2. If you are on-call (on a PagerDuty schedule), and your org admin has enabled PagerDuty routing, your access may be automatically approved for 1 hour.

3. After your request is approved, you'll see a "relinquish" button on the Slack message from the p0 bot. You can optionally use this button to let go of your access early if you finish what you want to do before the expiration date. This will revoke the access, and you must make another request if you need it again.

4. If you wait for the access to expire, you will get a message that it has expired once it does.

5. If your request is denied, you'll receive a message.

PostgreSQL Roles

Roles in PostgreSQL are a fundamental component of database access control and permission management. They are used to define and group users, allowing you to control who can access the database and what actions they can perform.

When granting access to a PostgreSQL database, consider the specific role(s) that need access and the required permissions. Roles can be granted various privileges, including SELECT, INSERT, UPDATE, DELETE, CREATE, and more. Careful management of roles and permissions is crucial for maintaining the security and integrity of your database.

PostgreSQL provides a set of predefined roles that provide access to certain, commonly needed, privileged capabilities and information. Refer to https://www.postgresql.org/docs/current/predefined-roles.html for predefined roles.

You are encouraged to create your custom least-privileged roles to use with p0.

Reference: https://www.postgresql.org/docs/current/user-manag.html