Hi,
We have two different types of DBA group in current on-premise Oracle databases, one who deploy code in prod and highest level of privileges (i.e having write access to the database objects, performing backup recovery, export/import and performing other database maintenance jobs etc).
and other groups, who only have read only privileges (select catalogue role i.e access to data dictionary views, run time and historical performance views along) mainly look into the performance issues and more alligns towards the functional part of the application , understands the database design working closely with Application Development team and they have read only access to the databases. They are expert in reading query execution path and have privilege to run the explain command, reading sqlmonitor report, creating profiles, baselines , adding hints to the query by understanding inefficient execution path, fetching AWR report, tracing sql queries, gathering object statistics, accessing OEM(oracle enterprise manager ) to monitor performance. Suggesting appropriate indexes and partitioning strategies for tables etc.
Now that we are moving few of the applications to Postgres on-premise database and few to aws RDS postgres. What kind of privileges should we provide to these two groups? Mainly we don't want the performance guys to have the elevated privileges. I can understand , readonly access to the table is something we can give to those users. Apart from that, are there any specific privileges which we should provide, so as to enable look and debug into all types of performance issues without any obstruction and at the same time not giving elevated privileges?
Regards
Veem
