Document Postgres permission requirements (#871)

* Add semantic line feeds * Document Postgres permission requirements Closes #823
5 years ago · c141a050e5
parent 3c22dcd54d
commit c141a050e5
1 changed files with 17 additions and 1 deletions
--- a/website/content/docs/installing/postgres.mdx
+++ b/website/content/docs/installing/postgres.mdx
@ -16,4 +16,20 @@ Boundary has only been tested on Postgres 11 or greater.

 ## Network

-Boundary controllers must be able to reach Postgres. In non-HA configurations, this means Boundary servers; if you're running in [high availability](/docs/installing/high-availability), then the controllers need access to the Postgres server infrastructure. Worker nodes never need access to the database.
+Boundary controllers must be able to reach Postgres.
+In non-HA configurations, this means Boundary servers;
+if you're running in [high availability](/docs/installing/high-availability),
+then the controllers need access to the Postgres server infrastructure.
+Worker nodes never need access to the database.
+
+## Users/Roles
+
+After the database has been initialized,
+the database user for a Boundary Controller
+only requires permissions for [Data Manipulation](https://www.postgresql.org/docs/current/dml.html)
+(select, insert, update, and delete) operations.
+
+Database initialization requires elevated privileges.
+When initializing the database with the `boundary database init` command,
+the boundary database user
+requires the `superuser` role plus `all privileges` on the boundary database.