How does one enable access control (user login, roles, etc.) in YugaByte SQL?

How does one enable access control/client authentication in YugaByte DB? Given that YugaByte’s SQL is based on/compatible with Postgres, is there a notion of pg_hba.conf file (similar to Postgres) or is there an alternate way to specify this configuration in YugaByte?

Hi @divingdiana,

To enable authentication, you can start tservers using gflag ysql_enable_auth=true. Note that this will require users to login using a password. You’ll also need to create the roles and passwords before starting tservers using this flag.

If you want more fine grained control similar to pg_hba, you can start tservers using gflag ysql_hba_conf. For example,
--ysql_hba_conf="host all all trust,host all all ::0/0 trust"
Replace the rules in the above line with the ones that you need. Essentially, this is a comma-separated version of the lines that you’d normally put in pg_hba.conf.

1 Like