# Monitoring User

## Version >= 10

```sql
create user datasentinel password 'myPassword';
grant pg_monitor,pg_read_all_settings,pg_read_all_stats to datasentinel;
```

If you intend to use the option for terminating a session directly from the User Interface

```sql
grant pg_signal_backend to datasentinel;
```

{% hint style="info" %}
It's important to highlight that the user doesn't write data in PostgreSQL\
Access is confined to read-only permissions solely for retrieving metrics.
{% endhint %}

<details>

<summary>For Version &#x3C; 10</summary>

The user must have the role superuser

```
create user datasentinel password 'myPassword';
alter user datasentinel with superuser;
```

</details>

{% hint style="warning" %}
The default setting for the PostgreSQL `search_path` variable is `"$user", public`.

If the `search_path` has been modified at the instance level, it's essential to ensure that the user account, typically **datasentinel**, includes the `public` schema in its `search_path`.

If the `public` schema is not included, you will need to update it accordingly.

<pre class="language-sql"><code class="lang-sql"><strong>ALTER USER datasentinel SET search_path TO "$user", public;
</strong><strong>// Connect with datasentinel user
</strong><strong>SHOW search_path;
</strong></code></pre>

{% endhint %}

## File `pg_hba.conf`

* Add authorization for the monitoring user to connect to all databases with a password

```
# TYPE  DATABASE        USER            ADDRESS                 METHOD
host    all             datasentinel    127.0.0.1/0             md5
```

{% hint style="info" %}
The user needs to be able to connect to **ALL** databases.
{% endhint %}

* Reload the configuration

## SSL connection

{% hint style="warning" %}
Only Available when using the [Agentless method](/manual/features/other-features/agentless-monitoring.md)
{% endhint %}

You can configure the monitoring user to use SSL connections to your PostgreSQL instances

Here are the steps to follow:

* Navigate to the **Agentless Settings** section of the UI
* Ensure that your connection name starts with **ssl** (for instance, "ssl\_crm\_production").
* Transfer the certificates to the **`/datasentinel/ssl`** directory on the platform.
* The name of the certificate files must be standardized starting with the name of the connection, as below

{% code title="Example" %}

```bash
/datasentinel/ssl/ssl_crm_production_root.crt
/datasentinel/ssl/ssl_crm_production_postgresql.crt
/datasentinel/ssl/ssl_crm_production_postgresql.key
```

{% endcode %}

* Change the access permissions: **`chmod 600`**


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.datasentinel.io/manual/getting-started/postgresql-clusters/monitoring-user.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.