# Monitoring User

## Version >= 10

```sql
create user datasentinel password 'myPassword';
grant pg_monitor,pg_read_all_settings,pg_read_all_stats to datasentinel;
```

If you intend to use the option for terminating a session directly from the User Interface

```sql
grant pg_signal_backend to datasentinel;
```

{% hint style="info" %}
It's important to highlight that the user doesn't write data in PostgreSQL\
Access is confined to read-only permissions solely for retrieving metrics.
{% endhint %}

<details>

<summary>For Version &#x3C; 10</summary>

The user must have the role superuser

```
create user datasentinel password 'myPassword';
alter user datasentinel with superuser;
```

</details>

{% hint style="warning" %}
The default setting for the PostgreSQL `search_path` variable is `"$user", public`.

If the `search_path` has been modified at the instance level, it's essential to ensure that the user account, typically **datasentinel**, includes the `public` schema in its `search_path`.

If the `public` schema is not included, you will need to update it accordingly.&#x20;

<pre class="language-sql"><code class="lang-sql"><strong>ALTER USER datasentinel SET search_path TO "$user", public;
</strong><strong>// Connect with datasentinel user
</strong><strong>SHOW search_path;
</strong></code></pre>

{% endhint %}

## File `pg_hba.conf`

* Add authorization for the monitoring user to connect to all databases with a password

```
# TYPE  DATABASE        USER            ADDRESS                 METHOD
host    all             datasentinel    127.0.0.1/0             md5
```

{% hint style="info" %}
The user needs to be able to connect to **ALL** databases.
{% endhint %}

* Reload the configuration

## SSL connection

{% hint style="warning" %}
Only Available when using the [Agentless method](https://docs.datasentinel.io/manual/features/other-features/agentless-monitoring)
{% endhint %}

You can configure the monitoring user to use SSL connections to your PostgreSQL instances

Here are the steps to follow:

* Navigate to the **Agentless Settings** section of the UI
* Ensure that your connection name starts with **ssl** (for instance, "ssl\_crm\_production").
* Transfer the certificates to the **`/datasentinel/ssl`** directory on the platform.
* The name of the certificate files must be standardized starting with the name of the connection, as below

{% code title="Example" %}

```bash
/datasentinel/ssl/ssl_crm_production_root.crt
/datasentinel/ssl/ssl_crm_production_postgresql.crt
/datasentinel/ssl/ssl_crm_production_postgresql.key
```

{% endcode %}

* Change the access permissions: **`chmod 600`**