OLTP instance local role unable to authenticate

Make sure the Postgres native role login setting is enabled.

Written by aishwarya.sood

Last published at: October 15th, 2025

Problem

After creating a new online transaction processing (OLTP) instance in your workspace, you are able to authenticate using OAuth. However, when you create a new local role inside the database and try to connect, it doesn't work and the following error is thrown.

connection to server at "<oltp-instance-url>" (<ip-address>), port <port> failed: FATAL: password authentication failed for user <user>, port <port> failed: server closed the connection unexpectedly

 

You confirm the password is accurately entered, but it doesn't work. You may also try to update the password and log in again, which also doesn't work.

 

Cause

The managed PostgreSQL OLTP database has a new configuration and security default.

 

Password login for native Postgres roles is now disabled by default when you create a new OLTP instance. You must explicitly enable Postgres Native Role Login per instance to permit username and password authentication for roles you create inside the database.

 

Solution

  1. Click Compute in the workspace sidebar.
  2. Click the Lakebase Postgres tab.
  3. Go to the affected OLTP database instance from the list.
  4. Click Edit on the instance details page.
  5. Under Advanced Settings, look for and toggle on Enable Postgres Native Role Login
  6. Save the changes.

 

Additional measures

If you still cannot log in after enabling the setting, try the following additional measures. 

  • Double-check that the actual user or role exists. For details refer to the “Grant instance permissions to Databricks identities” section of the Manage roles and permissions (AWSAzure) documentation.
  • Ensure your client is connecting over SSL. If the connection from your Databricks cluster appears with ssl = t, SSL is active. Then, confirm you're not encountering workspace or IP ACL restrictions. For details, refer to the “List IP access lists” section of the Configure IP access lists for workspaces (AWSAzure) documentation.
  • Check if any workspace-specific Postgres configuration or network security policy might be interfering, though these are less likely. Check this by verifying that the Postgres pg_hba.conf (or RDS security group) allows SSL connections from your Databricks subnet or NAT gateway CIDR.