diff --git a/product_docs/docs/pem/9/registering_agent.mdx b/product_docs/docs/pem/9/registering_agent.mdx index 3c617e4f678..551a8e2e737 100644 --- a/product_docs/docs/pem/9/registering_agent.mdx +++ b/product_docs/docs/pem/9/registering_agent.mdx @@ -48,23 +48,23 @@ set PEM_SERVER_PASSWORD=edb |---------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `--pem-server` | The IP address of the PEM backend database server. This parameter is required. | | `--pem-port` | The port of the PEM backend database server. The default value is `5432`. | -| `--pem-user` | The name of the database user having superuser privileges of the PEM backend database server. This parameter is required. | -| `--pem-agent-user` | The agent user to connect the PEM server backend database server. | -| `--pem-ssl-mode` | Type of SSL authentication used for connecting PEM agent to the PEM server. The possible values are `prefer`, `require`,`disable`,`verify-CA`, and `verify-full`. | -| `--cert-path` | The complete path to the directory where certificates are created. If you don't provide a path, certificates are created in `~/.pem` on Linux and `%APPDATA%/pem` on Windows. | +| `--pem-user` | The name of a database user with the `pem_admin` role and the `rolcreaterole` flag set (or a superuser) on the PEM backend database server. This user will be used to connect to the PEM server to perform agent registration. This parameter is required. | +| `--pem-agent-user` | The name of a database user on the PEM backend database server. After registration, the agent will use this user to open connections to the PEM database server to write probe data, evaluate alerts, etc. This parameter is optional. If omitted, the agent will connect using a new user created during registration named `agent` where `` is the agent ID. Note that this user is always created and even if you specify a `pem-agent-user` the agent will use `SET ROLE agent` to switch roles after the connection is made. | +| `--pem-ssl-mode` | The [SSL mode](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-PROTECTION) to be used by the PEM agent user (see above). The possible values are `prefer`, `require`,`disable`,`verify-CA`, and `verify-full`. The default value is `require`. | +| `--cert-path` | The complete path to a directory in which certificates will be stored. If you don't provide a path, certificates are created in `~/.pem` on Linux and `%APPDATA%/pem` on Windows. | | `--config-dir` | The directory path for the configuration file. The default is `/../etc`. | | `--display-name` | A user-friendly name for the agent to display in the PEM browser tree. In PEM 9.6 and later, the default is the host's fully qualified domain name (FQDN), falling back to the hostname if this option isn't set. For releases earlier than PEM 9.6, the default is the hostname. | -| `--force-registration` | Include the `force_registration` clause to register the agent with the arguments provided. This clause is useful if you're overriding an existing agent configuration. The default value is `Yes`. | -| `--group` | The name of the group in which the agent is displayed. | -| `--team` | The name of the database role on the PEM backend database server with access to the monitored database server. | -| `--owner` | The name of the database user on the PEM backend database server who owns the agent. | +| `--force-registration` | Include the `force-registration` clause to register the agent with the arguments provided. This clause is useful if you're overriding an existing agent configuration. The default value is `Yes`. | +| `--group` | The name of a group in which to place the agent. This parameter is optional, if omitted the agent will not be placed in a group. | +| `--team` | The name of a database role on the PEM backend database server. Access to this agent will be restricted to only the named role, the owner, and the `pem_admin` role. This parameter is optional. No team will be assigned if omitted, meaning all users can access this agent. | +| `--owner` | The name of a database user on the PEM backend database server. This user will be assigned as the owner of the agent. The specified `pem-user` will be assigned as the owner if omitted. | | `--allow_server_restart` | Enable the `allow_server_restart` parameter to allow PEM to restart the monitored server. The default value is `True`. | | `--allow-batch-probes` | Enable the `allow-batch-probes` parameter to allow PEM to run batch probes on this agent. The default value is `False`. | | `--batch-script-user` | The operating system user to use for executing the batch/shell scripts. The default value is none. The scripts don't execute if you leave this parameter blank or the specified user doesn't exist. | | `--enable-heartbeat-connection` | Enable the `enable-heartbeat-connection` parameter to create a dedicated heartbeat connection between the PEM agent and server to update the active status. The default value is `False`. | | `--enable-smtp` | Enable the `enable-smtp parameter` to allow the PEM agent to send the email on behalf of the PEM server. The default value is `False`. | | `--enable-snmp` | Enable the `enable-snmp parameter` to allow the PEM agent to send the SNMP traps on behalf of the PEM server. The default value is `False`. | -| `-o` | Specifies whether you want to override the configuration file options. | +| `-o` | Used to override the configuration file options. See the below [example](#overriding-default-configurations---examples) for usage. | !!! Note Allowing the agent to restart the database server If you use any feature of PEM that requires a database server restart by the PEM agent (such as Audit Manager, Log Manager, or the Tuning Wizard), then you must set the value of `allow_server_restart` to `true` in the `agent.cfg` file or restart the server manually for changes to take effect.