> ## Documentation Index
> Fetch the complete documentation index at: https://private-7c7dfe99-fix-nav-issues.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Managed Postgres RBAC

> Learn about role-based access control (RBAC) in ClickHouse Managed Postgres

export const Image = ({img, alt, size}) => {
  return <Frame>
      <img src={img} alt={alt} />
    </Frame>;
};

export const galaxyOnClick = eventName => () => {
  try {
    if (typeof window !== "undefined" && window.galaxy && eventName) {
      window.galaxy.track(eventName, {
        interaction: "click"
      });
    }
  } catch (e) {}
};

export const BetaBadge = ({link, galaxyTrack, galaxyEvent}) => {
  if (link) {
    return <a href={link} target="_blank" rel="noopener noreferrer" className="betaBadge" onClick={galaxyTrack && galaxyEvent ? galaxyOnClick(galaxyEvent) : undefined}>
                <Icon />
                <span>Beta</span>
            </a>;
  }
  return <div className="betaBadge">
            <Icon />
            <span>
                Beta feature. 
                <u>
                    <a href="/docs/beta-and-experimental-features#beta-features">
                        Learn more.
                    </a>
                </u>
            </span>
        </div>;
};

ClickHouse Cloud supports role-based access control (RBAC) for Managed Postgres services. You can create custom roles with specific permissions and assign them to organization members to control who can view or manage your Postgres services.

<h2 id="available-permissions">
  Available permissions
</h2>

Managed Postgres currently supports two permissions:

| Permission                   | Description                                                         |
| ---------------------------- | ------------------------------------------------------------------- |
| **View Postgres services**   | Allows a user to see the Postgres service and its details.          |
| **Manage Postgres services** | Allows a user to modify, scale, and configure the Postgres service. |

Creating a new Postgres service requires the existing **Organization manage** permission. The permissions above apply only to existing services.

<Note>
  More granular permissions will be available in a future release.
</Note>

<h2 id="creating-a-custom-role">
  Creating a custom role
</h2>

1. Click your organization name in the left sidebar and select **Users and roles**.

<Image img="https://mintcdn.com/private-7c7dfe99-fix-nav-issues/qT0j4CNmQubVqREl/images/managed-postgres/rbac/usersandroles.png?fit=max&auto=format&n=qT0j4CNmQubVqREl&q=85&s=8d0fc9ebc47ac62a0430b309210f076d" alt="Users and roles menu" size="md" border width="856" height="858" data-path="images/managed-postgres/rbac/usersandroles.png" />

2. Switch to the **Roles** tab and click **Create role**.
3. Enter a name for the role, then click **+ Allow** and select **Postgres Service** from the entity list.

<Image img="https://mintcdn.com/private-7c7dfe99-fix-nav-issues/qT0j4CNmQubVqREl/images/managed-postgres/rbac/postgresentity.png?fit=max&auto=format&n=qT0j4CNmQubVqREl&q=85&s=c5e72da89fc03d23b6729be4eb11f179" alt="Selecting the Postgres Service entity" size="md" border width="1198" height="1322" data-path="images/managed-postgres/rbac/postgresentity.png" />

4. Choose the Postgres service to scope the role to, then select the permissions to grant.

<Image img="https://mintcdn.com/private-7c7dfe99-fix-nav-issues/qT0j4CNmQubVqREl/images/managed-postgres/rbac/newpostgresperms.png?fit=max&auto=format&n=qT0j4CNmQubVqREl&q=85&s=6821131ba0d3ae3ef4c01f68efe10677" alt="Configuring Postgres permissions on a role" size="md" border width="1202" height="922" data-path="images/managed-postgres/rbac/newpostgresperms.png" />

5. Click **Create role** to save.

<h2 id="assigning-a-role">
  Assigning a role
</h2>

Once the role is created, assign it to users from the **Users** tab on the same **Users and roles** page. A user can have multiple roles, and roles can be combined to build the exact access profile you need.