Re: Question on roles and privileges

For the initial installation the extensions may need superuser privileges.

On Fri, May 10, 2024 at 10:04 AM yudhi s <learnerdatabase99(at)gmail(dot)com>
wrote:

> Hello All,
> We want to make sure to keep minimal privileges for the users based on
> their roles and responsibility. We have one user group who will be working
> on analyzing/debugging into performance issues in the databases. Basically
> this group will be operating on extensions like apg_plan_management,
> pg_hint_plan, auto_explain, plprofiler, pg_repack. So these extensions will
> already be installed for the group, but they will just need to use those
> appropriately. For example pg_hint_plan will not need any write privilege
> because the user just has to put the hint in the query and run it to see
> any performance variation.
>
> So like that , what kind of minimal privileges will each of these
> extensions need to make them work for this performance group? Basically if
> any of these will need write privilege or all works can be performed using
> Readonly roles/privilege only?
>
> And I understand pg_monitor role wraps up most of the key read only
> privileges within it to work on performance issues and also its a readonly
> privilege only. So I wanted to know from experts here , if it's true and
> pg_monitor role will suffice for all the above work?
>
> Regards
> Yudhi
>