Enterprise Postgres 17 Security Operation Guide

7.2.2 Determining Confidentiality Management Roles

The confidentiality management role performs all operations on the confidentiality matrix. As such, the confidentiality management role requires very strong privileges and must satisfy either of the following:

  1. Has all of the following rights

    • Superuser privileges

    • Ownership of database objects belonging to the confidentiality level

  2. Has all of the following privileges

    • CREATEROLE privilege

    • SELECT, INSERT, UPDATE, and DELETE privileges on all tables included in the extension
      'public' is granted SELECT when the CREATE EXTENSION statement is executed.

    • Ownership of database objects belonging to the confidentiality level

Note

Note that the previous owner may not be able to execute GRANT statements, etc. once the confidentiality management role becomes the owner. This is because ownership of database objects cannot be shared by multiple roles belonging to different role groups. This behavior follows the PostgreSQL specification.

The confidentiality management role can create and manage multiple confidentiality matrices, but it is safer to distribute the authority. For that reason, we recommend that you decide on confidentiality management rules in the following order of priority.

Note

  • To assign attributes that only a superuser can grant to a role managed using the confidentiality management feature, the superuser must also serve as the confidentiality management role. For example, the REPLICATION attribute is such an attribute. Refer to the reference of the PostgreSQL Documentation for details.

  • The CREATEROLE privilege changed in Fujitsu Enterprise Postgres 16. For this reason, if you want to use a non-superuser role as the confidentiality management role, you must first grant the confidentiality management role the privileges (CREATEDB, BYPASSRLS, etc.) that you set when creating and updating confidentiality groups. If these privileges are not set, the confidentiality group operation may fail. For information about the change to the CREATEROLE privilege, refer to "Migration to Version 16" in the PostgreSQL Documentation.
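
The following query is an added example, not part of the original guide. It audits a candidate non-superuser confidentiality management role against the second set of requirements above and against the CREATEROLE note, using only standard PostgreSQL catalogs. The role name `conf_admin` and the extension name `<extension_name>` are placeholders to replace with your own values. Ownership of the objects belonging to the confidentiality level is not checked, because that set of objects is site-specific.

```sql
-- Added example: audit a candidate confidentiality management role.
-- Placeholders (assumptions): role 'conf_admin', extension '<extension_name>'.
WITH params AS (
    SELECT 'conf_admin'::name       AS role_name,
           '<extension_name>'::name AS ext_name
),
ext_tables AS (
    -- Tables that are members of the extension (dependency type 'e').
    SELECT c.oid AS reloid
    FROM params p
    JOIN pg_extension e ON e.extname = p.ext_name
    JOIN pg_depend d    ON d.refclassid = 'pg_extension'::regclass
                       AND d.refobjid   = e.oid
                       AND d.classid    = 'pg_class'::regclass
                       AND d.deptype    = 'e'
    JOIN pg_class c     ON c.oid = d.objid
                       AND c.relkind IN ('r', 'p')
)
SELECT r.rolname,
       r.rolsuper,       -- true means the first set of requirements applies instead
       r.rolcreaterole,  -- must be true for a non-superuser management role
       r.rolcreatedb,    -- needed only if confidentiality groups are given CREATEDB
       r.rolbypassrls,   -- needed only if confidentiality groups are given BYPASSRLS
       (SELECT count(*) FROM ext_tables) AS extension_tables,
       -- Each privilege is tested separately: a comma-separated privilege
       -- list in has_table_privilege() is true if ANY one of them is held.
       (SELECT coalesce(array_agg(t.reloid::regclass::text
                                  ORDER BY t.reloid::regclass::text), '{}')
        FROM ext_tables t
        WHERE NOT (has_table_privilege(r.oid, t.reloid, 'SELECT')
               AND has_table_privilege(r.oid, t.reloid, 'INSERT')
               AND has_table_privilege(r.oid, t.reloid, 'UPDATE')
               AND has_table_privilege(r.oid, t.reloid, 'DELETE'))
       ) AS tables_missing_dml
FROM pg_roles r
JOIN params p ON r.rolname = p.role_name;
```

A role is ready when `rolcreaterole` is true, `tables_missing_dml` is empty while `extension_tables` is greater than zero, and every attribute you intend to set on confidentiality groups is also true for the role itself. An empty result set means the role does not exist.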