P0 App Documentation
Sign up for FreeSandbox
  • What Is P0?
    • πŸŽ›οΈIAM Dashboard
    • πŸ”ŽAccess Inventory
    • πŸͺ‘IAM Posture
    • ⏱️Just-In-Time Access
    • ♻️Service-Account Key Rotation
  • Getting Started
    • ⬇️Quick Start
    • 🎁Share P0 With Your Team
  • INVENTORY
    • πŸ—ΊοΈAccess Inventory
    • πŸ”¬Result Details
    • ❔Query Search
      • πŸ“–Search Reference
  • Posture
    • βš–οΈPosture Overview
  • Monitor Results
  • πŸ€”Finding Details
  • ORCHESTRATION
    • ⏰Just-in-time access
      • πŸ–οΈRequesting Access
        • πŸ‘‰For Another Party
      • 🏁Approving Access
        • Pre-approving Access
      • πŸ”€Request Routing
        • Google Cloud Filtering
        • AWS Filtering
  • Environments
    • ☁️Creating an Environment
    • πŸ““Environment Terminology
    • βš™οΈSettings
  • Integrations
    • πŸ“žNotifier integrations
      • πŸ’¬Slack
      • πŸ‘¬Microsoft Teams
      • πŸ“£Custom Notifier
    • πŸ”‘Resource integrations
      • ☁️Google Cloud
        • Requesting Access
        • Permissions Reference
          • Cloud Storage
          • Compute Engine
      • πŸ“¦AWS
        • Requesting Access
      • ☸️Kubernetes
        • Requesting Access
        • Advanced Requests
      • πŸ”‹PostgreSQL
        • Requesting Access
      • ❄️Snowflake
      • πŸ–₯️SSH
      • GitHub
        • Requesting Access
      • πŸ› οΈCustom Resource
    • πŸ‘₯Directory integrations
      • Microsoft Entra ID
        • Requesting Access
      • Google Workspace
      • Integrate P0 with Okta
    • βœ”οΈApproval integrations
      • πŸ””PagerDuty
    • πŸ”ŒSIEM Integrations
      • Splunk HEC Setup
  • P0 Management
    • 🎩Role-Based Access Control
Powered by GitBook
On this page
  • Requesting from Slack
  • Role Requests
  • Next Steps
  • PostgreSQL Roles
  1. Integrations
  2. Resource integrations
  3. PostgreSQL

Requesting Access

How to request access to PostgreSQL roles through the P0 bot.

PreviousPostgreSQLNextSnowflake

Last updated 2 months ago

Requesting from Slack

Open up the p0 request modal by typing the command /p0 request in any Slack channel and select PostgreSQL as the resource:

You'll see an "Access type" field with the option "Role".

  • "Role": Select this option if you would like to request access to an existing PostgreSQL role. See Role Requests for details.

Role Requests

This will grant you the role for a certain amount of time and automatically remove the binding when the access expires.

PostgreSQL instance: The SQL instance you would like access to.

Role Name: The PostgreSQL role name is defined to control access and permissions within the database. The "Role Name" is typically associated with specific users or groups and determines their privileges and restrictions within the PostgreSQL instance. Please provide the appropriate "Role Name" associated with your access request; see PostgreSQL Roles for more details.

Reason: Optionally, provide a reason to be communicated to the approver(s).

Then click the button to submit the request, and see Next Steps.

Next Steps

Once you submit the request, you will get a Slack message from the p0 bot confirming your request creation. The p0 bot will also send a message to the approvers in the Slack channel designated by your org admin.

  1. If your request is approved, you will receive a message from the p0 bot saying that your access has been granted and letting you know when it will expire. You can go ahead and use the permission.

  2. If you are on-call (on a PagerDuty schedule), and your org admin has enabled PagerDuty routing, your access may be automatically approved for 1 hour.

  3. After your request is approved, you'll see a "relinquish" button on the Slack message from the p0 bot. You can optionally use this button to let go of your access early if you finish what you want to do before the expiration date. This will revoke the access, and you must make another request if you need it again.

  4. If you wait for the access to expire, you will get a message that it has expired once it does.

  5. If your request is denied, you'll receive a message.

PostgreSQL Roles

Roles in PostgreSQL are a fundamental component of database access control and permission management. They are used to define and group users, allowing you to control who can access the database and what actions they can perform.

When granting access to a PostgreSQL database, consider the specific role(s) that need access and the required permissions. Roles can be granted various privileges, including SELECT, INSERT, UPDATE, DELETE, CREATE, and more. Careful management of roles and permissions is crucial for maintaining the security and integrity of your database.

Note that, for security reasons, P0 cannot manage roles that have the superuser status (also called the superuser attribute); this means that it is not possible to request access to a superuser role using P0, and such roles will not be listed as available roles in P0. Notably, for GCP CloudSQL-based Postgres instances, by default cloudsqladmin is a superuser role, but cloudsqlsuperuser is not (though it does grant plenty of permissions otherwise).

You are encouraged to create your custom least-privileged roles to use with p0.

PostgreSQL provides a set of predefined roles that provide access to certain, commonly needed, privileged capabilities and information. Refer to for predefined roles.

Reference:

πŸ”‘
πŸ”‹
https://www.postgresql.org/docs/current/predefined-roles.html
https://www.postgresql.org/docs/current/user-manag.html