Postgres Pro AXE allows creating a secure environment for working with the OLAP data directly from PostgreSQL or Postgres Pro, with pgpro_metastore being its essential component.

Stored procedures on pgpro_metastore objects require specific privileges. These objects do not exist in the pg_catalog schema, and access to them is managed through proxy tables, i.e., empty Postgres Pro tables (without columns) in the metastore schema. Each object is associated with a proxy table, and they are created and deleted together. When you grant a privilege on a pgpro_metastore object, you actually grant a privilege on the associated proxy table.

The metadata of proxy tables is stored in the pga_proxy_table metadata table.

The access management model is built around a designated Postgres Pro AXE administrator who has privileges on all pgpro_metastore objects and can grant some of these privileges to other roles.