Roles v5
Configuring and managing PGD doesn't require superuser access. We recommend that you do not use superuser access. Instead, the privileges required to administer PGD are split across the following predefined roles:
| Role | Description |
|---|---|
| bdr_superuser | The highest-privileged role, having access to all PGD tables and functions. |
| bdr_read_all_stats | The role having read-only access to the tables, views, and functions, sufficient to understand the state of PGD. |
| bdr_monitor | At the moment, the same as bdr_read_all_stats. To be extended later. |
| bdr_application | The minimal privileges required by applications running PGD. |
| bdr_read_all_conflicts | Can view all conflicts in bdr.conflict_history. |
These roles are named to be analagous to to PostgreSQL's pg_ predefined
roles:
The PGD bdr_ roles are created when the BDR extension is installed. See PGD
predefined roles for more details of what priviliges each
one has.
Managing PGD doesn't require that administrators have access to user data.
Arrangements for securing conflicts are discussed in Logging conflicts to a table.
You can monitor conflicts using the bdr.conflict_history_summary view.
The BDR extension and superuser access
The one exception to the rule of not needing superuser access is in the
management of PGD's underlying BDR extension. Only superusers can create the BDR
extension. However, if you want, you can set up the pgextwlist extension and
configure it to allow a non-superuser to create a BDR extension.