Users and Roles

This document describes the types of users and roles that exist, and can be created, for Yellowbrick deployments. Administrator accounts can be set up at multiple levels, based on a set of predefined admin roles. Database user accounts can be set up with or without access to Yellowbrick Manager. Database users and roles exist separately per data warehouse instance. Different sets of users and roles may belong to each instance in the same cloud deployment. The following users and roles are created by default in each new installation:

(initial administrator)

In the Deployer, you input (or automatically generate) the initial administrator credentials. This account is intended for initial login to Yellowbrick Manager, but is not intended for extensive use. The ybdadmin user should create new users and roles with the same or fewer privileges, as required. This user is a member of all other predefined admin roles as well as the consumer role:

  • clusteradmin
  • consumeradmin
  • instanceadmin
  • securityadmin: privileges to create, drop, and alter roles and users, as well as external authorization control
  • sysadmin: broad privileges at the system, session, and database level, but no privileges on clusters
  • useradmin: privileges to create, drop, and alter roles and users

clusteradmin role

This role grants all privileges on clusters, including the ability to create new clusters, and alter, drop, or use any cluster for a given instance.

consumeradmin role

This role is designed for administrators. It confers privileges to create and manage instances, run diagnostics, and perform upgrades. The ybdadmin user belongs to the consumeradmin role; however, a new user who is granted membership in consumeradmin does not acquire membership in the other admin roles that ybdadmin has.

instanceadmin role

This role grants privileges for database administration: cluster management, database creation, workload management, access control for other users, and so on. A user with membership in this role is effectively a database administrator for a given data warehouse instance. Members of this role may explicitly grant additional users membership in the instanceadmin role.

This role grants membership in other predefined admin roles: clusteradmin, securityadmin, useradmin, sysadmin (but not the consumeradmin role).

consumer role

All new users belong to this empty role. ybdadmin has membership in the consumer role WITH ADMIN.

yellowbrick

A yellowbrick database superuser exists but is not intended for customer use and has no login password. It is used for system processes only and must not be tampered with.

sys_ybd_* (service accounts)

A number of system-defined no-login service roles exist in the system and are visible in all instances. Do not modify these roles. These role names begin with a sys_ybd_* prefix. Some of these services run background operations, such as flushing and analyzing tables.

You can create database users and roles by navigating to Instance Management → Access Control in Yellowbrick Manager or by using SQL.

See also Managing Database Users and Roles.

Cluster Access

When you create new users and roles, be sure to grant them USAGE ON CLUSTER to at least one cluster. See ON CLUSTER.

Individual users may be assigned a default cluster where their queries always run. See ALTER USER SET DEFAULT_CLUSTER. (The default cluster assignment does not propagate to users from roles.)
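
The role relationships and cluster-access rules described on this page can be checked mechanically when reviewing who holds administrative reach. The following is an added example, not Yellowbrick code: a Python audit over constructed membership data (the user names, the custom roles `dba_team` and `analysts`, and the cluster names are hypothetical). It assumes that USAGE ON CLUSTER granted to a role is inherited by that role's members.

```python
# Added example: audit of role membership against the predefined roles on this page.
# All users, custom roles and grants below are constructed sample data.

ADMIN_ROLES = {"clusteradmin", "consumeradmin", "instanceadmin",
               "securityadmin", "sysadmin", "useradmin"}
# instanceadmin grants membership in these roles (but not consumeradmin).
IMPLIED = {"instanceadmin": {"clusteradmin", "securityadmin", "useradmin", "sysadmin"}}


def effective_roles(principal, memberships):
    """Every role a principal holds, following nested and implied membership."""
    seen, stack = set(), [principal]
    while stack:
        current = stack.pop()
        granted = set(memberships.get(current, ())) | IMPLIED.get(current, set())
        for role in granted - seen:
            seen.add(role)
            stack.append(role)
    return seen


def audit(users, memberships, cluster_usage, default_cluster):
    """Return per-user findings: admin reach, cluster access, default cluster."""
    report = {}
    for user in users:
        roles = effective_roles(user, memberships) | {"consumer"}  # all users are in consumer
        # Assumption: USAGE ON CLUSTER granted to a role is inherited by its members.
        clusters = set()
        for principal in roles | {user}:
            clusters |= set(cluster_usage.get(principal, ()))
        report[user] = {
            "admin_roles": sorted(roles & ADMIN_ROLES),
            # clusteradmin holds all privileges on clusters, so it counts as access.
            "no_cluster_access": not clusters and "clusteradmin" not in roles,
            # Default cluster does not propagate from roles: only the user's own counts.
            "default_cluster": default_cluster.get(user),
        }
    return report


# Constructed sample data (hypothetical names).
MEMBERSHIPS = {"alice": ["dba_team"], "dba_team": ["instanceadmin"],
               "bob": ["analysts"], "carol": ["consumeradmin"], "dave": []}
CLUSTER_USAGE = {"analysts": ["small-cluster"]}
DEFAULT_CLUSTER = {"analysts": "small-cluster", "alice": "large-cluster"}
REPORT = audit(["alice", "bob", "carol", "dave"], MEMBERSHIPS, CLUSTER_USAGE, DEFAULT_CLUSTER)

if __name__ == "__main__":
    for name, finding in REPORT.items():
        print(name, finding)
```

In the sample data, `alice` reaches four further admin roles through a single nested grant of instanceadmin, `carol` holds consumeradmin without any cluster access, and `bob` has no default cluster because the one set on `analysts` does not propagate to him.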