Support Multiple Database Servers, Teleport Integration, and RBAC

--- tags: feature request, multiple databases, database servers, credentials, Teleport integration, RBAC --- # Support Multiple Database Servers, Teleport Integration, and RBAC ###### Category: Feature Request ###### User: MarkCupitt ###### Source: [GitHub Issue #2716](https://github.com/centerofci/mathesar/issues/2716) ## Feedback Content We are using Teleport to protect our operational and production systems, and it would probably be a very good idea if you could support it. Teleport is a secure proxy, that implements RBAC to determine who gets to see whats behind it. When it calls an application, it provides a [ RFD ] JWT in a header called teleport-jwt-assertion which allows for a good level of user cred integration and role propagation We would love to leverage this capability to extend roles and permissions into Mathesar. As you are very aware, database security is very difficult to implement effectively without handing out passwords, so the ability to map a role supplied by teleport to a database user, schema and password to access the db would be incredibly useful as long as it was secure and encrypted in storage We would see us connecting to a single Mathesar instance, and a list of databases that the users RBAC gave them permissions to would display, along with a RW RO OWNER indicator, clicking on the database would switch to what is there now, which is super by the way It could also use the logged in teleport user as the database user, but in our case, we want to go with generic users controlled by RBAC to manage access A use case like above would be incredibly useful, and may generate a lot of interest among the community. We are very concerned at using a UI like PGadmin 4 that requires us to hand out creds before it can be used, it makes cred management super hard, and we identify that issue as a strategic weakness we have to address and would dearly love a web based UI we could securely integrate in our Kubernetes Admin Clusters ## Context (Optional) ## Related GitHub Issue(s) - [GitHub Issue #2716](https://github.com/centerofci/mathesar/issues/2716) ## Actions - [ ] No action required - [ ] Needs to be addressed - [ ] Further action needed - [ ] Roadmap suggestion