17. User Management and Security
This module focuses on least-privilege access: creating roles, granting only what is required, and using row-level controls when needed.
Decision Guide
| Need | Prefer | Notes |
|---|---|---|
| Separate app read/write permissions | roles + grants | Use distinct roles for readers and writers |
| Tenant isolation | Row-level security (RLS) | Enforced by the database |
| Hide base tables | views + grants | Grant on views, restrict underlying tables |
| Secure auth | SCRAM + TLS | Configure in pg_hba.conf and server settings |
What's Next
- Continue to 18. Performance Optimization