PGD predefined roles v5
PGD predefined roles are created when the BDR extension is installed. After BDR extension is dropped from a database, the roles continue to exist. You need to drop them manually if dropping is required. This practice allows PGD to be used in multiple databases on the same PostgreSQL instance without problem.
The GRANT ROLE
DDL statement doesn't participate in PGD replication. Thus,
execute this on each node of a cluster.
bdr_superuser
- ALL PRIVILEGES ON ALL TABLES IN SCHEMA BDR
- ALL PRIVILEGES ON ALL ROUTINES IN SCHEMA BDR
bdr_read_all_stats
SELECT privilege on:
bdr.conflict_history_summary
bdr.ddl_epoch
bdr.ddl_replication
bdr.global_consensus_journal_details
bdr.global_lock
bdr.global_locks
bdr.local_consensus_state
bdr.local_node_summary
bdr.node
bdr.node_catchup_info
bdr.node_conflict_resolvers
bdr.node_group
bdr.node_local_info
bdr.node_peer_progress
bdr.node_slots
bdr.node_summary
bdr.replication_sets
bdr.sequences
bdr.stat_relation
bdr.stat_subscription
bdr.subscription
bdr.subscription_summary
bdr.tables
EXECUTE privilege on:
bdr.bdr_version
bdr.bdr_version_num
bdr.decode_message_payload
bdr.get_global_locks
bdr.get_raft_status
bdr.get_relation_stats
bdr.get_slot_flush_timestamp
bdr.get_sub_progress_timestamp
bdr.get_subscription_stats
bdr.peer_state_name
bdr.show_subscription_status
bdr_monitor
All privileges from bdr_read_all_stats
.
Also, EXECUTE privilege on:
bdr_application
EXECUTE privilege on:
- All functions for column_timestamps datatypes
- All functions for CRDT datatypes
bdr.alter_sequence_set_kind
bdr.create_conflict_trigger
bdr.create_transform_trigger
bdr.drop_trigger
bdr.get_configured_camo_partner
bdr.global_lock_table
bdr.is_camo_partner_connected
bdr.is_camo_partner_ready
bdr.logical_transaction_status
bdr.ri_fkey_trigger
bdr.seq_nextval
bdr.seq_currval
bdr.seq_lastval
bdr.trigger_get_committs
bdr.trigger_get_conflict_type
bdr.trigger_get_origin_node_id
bdr.trigger_get_row
bdr.trigger_get_type
bdr.trigger_get_xid
bdr.wait_for_camo_partner_queue
bdr.wait_slot_confirm_lsn
Many of these functions require additional privileges before you can use them.
For example, you must be the table owner to successfully execute
bdr.alter_sequence_set_kind
. These additional rules are described with each
specific function.
bdr_read_all_conflicts
PGD logs conflicts into the
bdr.conflict_history
table. Conflicts are visible only to table owners, so no extra privileges are
required to read the conflict history. If it's useful to have a user that can
see conflicts for all tables, you can optionally grant the role
bdr_read_all_conflicts to that user.