Security Parameters
Use these client authentication configuration parameters and general security parameters to configure security.
Parameters | Description |
---|---|
DefaultIdleSessionTimeout | Sets the default session timeout value used when the idlesessiontimeout parameter is not set for the user. Example: ALTER DATABASE mydb SET defaultidlesessiontimeout = '300 secs'; |
EnableAllRolesOnLogin | Automatically enables all roles granted to a user when that user logs in. Enabling this eliminates the need for the user to run SET ROLE <rolenames>. Valid values: 0 - does not automatically enable roles; 1 - automatically enables roles. Default Value: 0 |
EnabledCipherSuites | Indicates which SSL cipher suites to use for secure client-server communication. Default Value: This setting excludes weaker cipher suites. Find a complete mapping of cipher suite names from JSSE to OpenSSL at openssl.org. |
EnableSSL | Enables SSL for the server. See Implementing SSL. Default Value: 0. Example: ALTER DATABASE mydb SET EnableSSL = '1'; |
GlobalHeirUserName | The user name that inherits objects previously owned by dropped users (using CASCADE). This prevents the loss of data owned by dropped users. If the user name indicated here does not exist, the system automatically creates the user. Valid values: <auto> (default) - re-parents objects to the dbadmin user by default. Note: When setting to the default, include the angle brackets < >. <username> - re-parents objects to the username you enter. Example: ALTER DATABASE mydb SET PARAMETER GlobalHeirUsername='userheir1'; If you do not set this parameter, the objects of dropped users do not get re-parented. |
RequireFIPS | Indicates whether FIPS mode is enabled or disabled. Vertica sets this parameter automatically at startup, and you cannot modify it. 0 - Disabled FIPS; 1 - Enabled FIPS. The value of this parameter matches the contents of the file crypto.fips_enabled. See Implement FIPS on the Server. |
RestrictSystemTables | Prohibits non-database administrator users from viewing sensitive information in system tables. Valid values: 0 - allows all users to access system tables; 1 - limits access to system tables to database administrator users. Default Value: 0 |
SecurityAlgorithm | Sets the algorithm for the function that hash authentication uses: MD5 or SHA-512. Default Value: Example: ALTER DATABASE mydb SET SecurityAlgorithm = 'SHA512'; |
SSLCA | Sets the SSL certificate authority. Default Value: No default value. Example: ALTER DATABASE mydb SET SSLCA = '<contents of certificate authority root.crt file>'; Include the contents of the certificate authority, |
SSLCertificate | Sets the SSL certificate. If your SSL certificate is a certificate chain, cut and paste only the top-most certificate of the certificate chain to set this value. Default Value: No default value. Example: ALTER DATABASE mydb SET SSLCertificate = '<contents of server.crt file>'; Include the contents of the Note: This parameter gets set automatically during upgrade to 7.1 if you set EnableSSL=1 prior to the upgrade. |
SSLPrivateKey | Specifies the server's private key. The value of this parameter is visible only to dbadmin users. Default Value: No default value. Example: ALTER DATABASE mydb SET SSLPrivateKey = '<contents of server.key file>'; Include the contents of the Note: This parameter gets set automatically during upgrade to 7.1 if you set EnableSSL=1 prior to the upgrade. |
View parameter values with the SHOW DATABASE statement. You must be a database superuser to view the value:
SHOW DATABASE mydb SSLCertificate;
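An audit of these parameters, as an added example that is not part of the Vertica documentation: it parses name/setting pairs and flags the less restrictive values the table describes, falling back to the documented defaults for parameters that are not listed. The "name | setting" output layout, the sample text, the function names and the finding policy are assumptions of this example.

```python
# Added example: audit Vertica security parameters from SHOW DATABASE-style output.
# The "name | setting" layout and SAMPLE_OUTPUT are constructed assumptions.
SAMPLE_OUTPUT = """\
         name          | setting
-----------------------+---------
 EnableSSL             | 0
 SecurityAlgorithm     | MD5
 RestrictSystemTables  | 0
 EnableAllRolesOnLogin | 1
 SSLCertificate        |
"""

# Defaults the parameter table documents; used when a parameter is not listed.
DEFAULTS = {"enablessl": "0", "restrictsystemtables": "0", "enableallrolesonlogin": "0"}

# Policy of this example (an assumption): setting that triggers a finding, and why.
RISKY = {
    "enablessl": ("0", "SSL is disabled for the server"),
    "securityalgorithm": ("MD5", "hash authentication uses MD5, not SHA-512"),
    "restrictsystemtables": ("0", "all users can access system tables"),
    "enableallrolesonlogin": ("1", "all granted roles are enabled at login"),
}


def parse_settings(text):
    """Return {lowercased parameter name: setting} from 'name | setting' rows."""
    settings = {}
    for line in text.splitlines():
        if "|" not in line:
            continue  # blank lines and the ---+--- separator carry no pair
        name, _, value = line.partition("|")
        if name.strip().lower() != "name":  # skip the header row
            settings[name.strip().lower()] = value.strip()
    return settings


def audit(settings):
    """Return sorted (parameter, reason) findings for parsed settings."""
    effective = {**DEFAULTS, **settings}
    findings = [(p, why) for p, (bad, why) in RISKY.items()
                if effective.get(p, "").upper() == bad]
    # Assumed check: with SSL enabled, the certificate and key should be set.
    if effective["enablessl"] == "1":
        for needed in ("sslcertificate", "sslprivatekey"):
            if not effective.get(needed):
                findings.append((needed, "EnableSSL is 1 but no value is set"))
    return sorted(findings)


if __name__ == "__main__":
    for param, reason in audit(parse_settings(SAMPLE_OUTPUT)):
        print(f"{param}: {reason}")
```

Parameter names are compared in lowercase because the page itself writes them in mixed case (defaultidlesessiontimeout, GlobalHeirUsername).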