Re: Aligning grants and privileges

On 2/27/24 12:40, veem v wrote:
> Hi,
> We have two different types of DBA group in current on-premise Oracle
> databases,  one who deploy code in prod and highest level of privileges
> (i.e having write access to the database objects, performing backup
> recovery, export/import and performing other database maintenance jobs etc).
>
> and other groups, who only have read only privileges (select catalogue
> role i.e access to data dictionary views, run time and historical
> performance views along) mainly look into the performance issues and
> more alligns towards the functional part of the application ,
> understands the database design working closely with Application
> Development team and they have read only access to the databases. They
> are expert in reading query execution path and have privilege to run the
> explain command, reading sqlmonitor report, creating profiles, baselines
> , adding hints to the query by understanding inefficient execution path,
> fetching AWR report, tracing sql queries, gathering object statistics,
> accessing OEM(oracle enterprise manager ) to monitor performance.
> Suggesting appropriate indexes and partitioning strategies for tables etc.
>
> Now that we are moving few of the applications to Postgres on-premise
> database and few to aws RDS postgres. What kind of privileges should we
> provide to these two groups? Mainly we don't want the performance guys
> to have the elevated privileges. I can understand , readonly access to
> the table is something we can give to those users. Apart from that, are
> there any specific privileges which we should provide,  so as to enable
> look and debug into all types of performance issues without any
> obstruction and at the same time not giving elevated privileges?

Read:

https://www.postgresql.org/docs/current/predefined-roles.html

>
> Regards
> Veem

--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com