Authentication

User Management

TensorDB provides built-in user authentication with password-based credentials.

-- Create a user
CREATE USER alice WITH PASSWORD 'secret123';
-- Change password
ALTER USER alice SET PASSWORD 'newsecret';
-- Disable a user
ALTER USER alice DISABLE;
-- Grant roles
GRANT admin TO alice;
GRANT reader TO bob;
-- Revoke roles
REVOKE admin FROM alice;

Session Management

Sessions are token-based with a configurable TTL:

  • Token-based authentication for API access
  • Session expiration with automatic cleanup
  • Session revocation for immediate logout
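
An added example, not TensorDB's code or API: an in-memory session table in Python showing the three behaviours listed above (issuing a token with a TTL, expiring and cleaning up, and revoking). The `SessionStore` class, its method names, and the choice to store only a SHA-256 hash of each token are assumptions made for illustration.

```python
import hashlib
import secrets
import time


class SessionStore:
    """Hypothetical in-memory session table: sha256(token) -> (user, expiry)."""

    def __init__(self, ttl_seconds, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.clock = clock      # injectable so expiry can be exercised in tests
        self._sessions = {}

    @staticmethod
    def _digest(token):
        # Keep only a hash, so a leaked session table holds no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user):
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._sessions[self._digest(token)] = (user, self.clock() + self.ttl)
        return token

    def validate(self, token):
        """Return the user for a live token; None if unknown, expired or revoked."""
        key = self._digest(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None
        user, expires_at = entry
        if self.clock() >= expires_at:
            del self._sessions[key]         # expired: drop on first sight
            return None
        return user

    def revoke(self, token):
        """Immediate logout for one token; True if a session was removed."""
        return self._sessions.pop(self._digest(token), None) is not None

    def revoke_user(self, user):
        """Drop every session of a user, e.g. after a password change."""
        doomed = [k for k, (u, _) in self._sessions.items() if u == user]
        for k in doomed:
            del self._sessions[k]
        return len(doomed)

    def cleanup(self):
        """Periodic sweep for expired sessions that were never presented again."""
        now = self.clock()
        expired = [k for k, (_, exp) in self._sessions.items() if now >= exp]
        for k in expired:
            del self._sessions[k]
        return len(expired)
```

Expiry is checked on every `validate` call as well as in `cleanup`, so a token stops working at its TTL even if the sweep has not run yet.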

Security Best Practices

  • File permissions: Restrict access to the data directory
  • Encryption at rest: Enable with --features encryption for AES-256-GCM block-level encryption
  • Network isolation: When using the pgwire server, bind to localhost unless TLS is configured
  • Application-level auth: Validate users in your application before database calls
  • Audit logging: Enable and monitor the audit log via SHOW AUDIT LOG