Hello All,
We want to make sure to keep minimal privileges for the users based on their roles and responsibility. We have one user group who will be working on analyzing/debugging into performance issues in the databases. Basically this group will be operating on extensions like apg_plan_management, pg_hint_plan, auto_explain, plprofiler, pg_repack. So these extensions will already be installed for the group, but they will just need to use those appropriately. For example pg_hint_plan will not need any write privilege because the user just has to put the hint in the query and run it to see any performance variation.
So like that , what kind of minimal privileges will each of these extensions need to make them work for this performance group? Basically if any of these will need write privilege or all works can be performed using Readonly roles/privilege only?
And I understand pg_monitor role wraps up most of the key read only privileges within it to work on performance issues and also its a readonly privilege only. So I wanted to know from experts here , if it's true and pg_monitor role will suffice for all the above work?
Regards
Yudhi