For the initial installation the extensions may need superuser privileges. On Fri, May 10, 2024 at 10:04 AM yudhi s <learnerdatabas...@gmail.com> wrote:
> Hello All, > We want to make sure to keep minimal privileges for the users based on > their roles and responsibility. We have one user group who will be working > on analyzing/debugging into performance issues in the databases. Basically > this group will be operating on extensions like apg_plan_management, > pg_hint_plan, auto_explain, plprofiler, pg_repack. So these extensions will > already be installed for the group, but they will just need to use those > appropriately. For example pg_hint_plan will not need any write privilege > because the user just has to put the hint in the query and run it to see > any performance variation. > > So like that , what kind of minimal privileges will each of these > extensions need to make them work for this performance group? Basically if > any of these will need write privilege or all works can be performed using > Readonly roles/privilege only? > > And I understand pg_monitor role wraps up most of the key read only > privileges within it to work on performance issues and also its a readonly > privilege only. So I wanted to know from experts here , if it's true and > pg_monitor role will suffice for all the above work? > > Regards > Yudhi >
