Skip to content

Commit 56d4476

Browse files
GennadNYGennadNY
committed
Update concepts-security.md
1 parent d3e238f commit 56d4476

File tree

1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

articles/postgresql/flexible-server/concepts-security.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -47,11 +47,11 @@ When you're running Azure Database for PostgreSQL - Flexible Server, you have tw
4747
## Access management
4848

4949
Best way to manage PostgreSQL database access permissions at scale is using the concept of [roles](https://www.postgresql.org/docs/current/user-manag.html). A role can be either a database user or a group of database users, moreover roles can own the database objects and assign privileges on those objects to other roles to control who has access to which objects. It is also possible to grant membership in a role to another role, thus allowing the member role to use privileges assigned to another role.
50-
PostgreSQL lets you grant permissions directly to the database users. As a good security practice, it can be recommended that you create roles with specific sets of permissions based on minimum application and access requirements and then assign the appropriate roles to each user.
50+
PostgreSQL lets you grant permissions directly to the database users. As a good security practice, it can be recommended that you create roles with specific sets of permissions based on minimum application and access requirements and then assign the appropriate roles to each user. The roles should be used to enforce a *least privilege model* for accessing database objects.
5151

52-
While you're creating the Azure Database for PostgreSQL server, you provide credentials for an **administrator role**. This administrator role can be used to create more [PostgreSQL roles](https://www.postgresql.org/docs/current/user-manag.html).
52+
While you're creating the Azure Database for PostgreSQL server, you provide credentials for an **administrator role**. This administrator role can be used to create more [PostgreSQL roles](https://www.postgresql.org/docs/current/user-manag.html). The administrator role should never be used by the application.
5353

54-
For example,
54+
For example, below we can create an example role called *demouser*,
5555

5656
```SQL
5757
postgres=> create role demouser with password 'password123';

0 commit comments

Comments
 (0)