From: | Lok P <loknath(dot)73(at)gmail(dot)com> |
---|---|
To: | yudhi s <learnerdatabase99(at)gmail(dot)com> |
Cc: | pgsql-general <pgsql-general(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Question on roles and privileges |
Date: | 2024-05-10 06:01:00 |
Message-ID: | CAKna9VY1+05VziBGD64SJeHGO-FPZc861z13C=JibfG2c+t_bQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
For the initial installation the extensions may need superuser privileges.
On Fri, May 10, 2024 at 10:04 AM yudhi s <learnerdatabase99(at)gmail(dot)com>
wrote:
> Hello All,
> We want to make sure to keep minimal privileges for the users based on
> their roles and responsibility. We have one user group who will be working
> on analyzing/debugging into performance issues in the databases. Basically
> this group will be operating on extensions like apg_plan_management,
> pg_hint_plan, auto_explain, plprofiler, pg_repack. So these extensions will
> already be installed for the group, but they will just need to use those
> appropriately. For example pg_hint_plan will not need any write privilege
> because the user just has to put the hint in the query and run it to see
> any performance variation.
>
> So like that , what kind of minimal privileges will each of these
> extensions need to make them work for this performance group? Basically if
> any of these will need write privilege or all works can be performed using
> Readonly roles/privilege only?
>
> And I understand pg_monitor role wraps up most of the key read only
> privileges within it to work on performance issues and also its a readonly
> privilege only. So I wanted to know from experts here , if it's true and
> pg_monitor role will suffice for all the above work?
>
> Regards
> Yudhi
>
From | Date | Subject | |
---|---|---|---|
Next Message | yudhi s | 2024-05-10 06:05:02 | Re: Question on roles and privileges |
Previous Message | Vidyashree H S | 2024-05-10 05:18:42 | Re: Postgresql active-active nodes in cluster |