Re: Aligning grants and privileges

On 2/27/24 12:40, veem v wrote:
> Hi,
> We have two different types of DBA group in current on-premise Oracle 
> databases,  one who deploy code in prod and highest level of privileges 
> (i.e having write access to the database objects, performing backup 
> recovery, export/import and performing other database maintenance jobs etc).
> 
> and other groups, who only have read only privileges (select catalogue 
> role i.e access to data dictionary views, run time and historical 
> performance views along) mainly look into the performance issues and 
> more alligns towards the functional part of the application , 
> understands the database design working closely with Application 
> Development team and they have read only access to the databases. They 
> are expert in reading query execution path and have privilege to run the 
> explain command, reading sqlmonitor report, creating profiles, baselines 
> , adding hints to the query by understanding inefficient execution path, 
> fetching AWR report, tracing sql queries, gathering object statistics, 
> accessing OEM(oracle enterprise manager ) to monitor performance. 
> Suggesting appropriate indexes and partitioning strategies for tables etc.
> 
> Now that we are moving few of the applications to Postgres on-premise 
> database and few to aws RDS postgres. What kind of privileges should we 
> provide to these two groups? Mainly we don't want the performance guys 
> to have the elevated privileges. I can understand , readonly access to 
> the table is something we can give to those users. Apart from that, are 
> there any specific privileges which we should provide,  so as to enable 
> look and debug into all types of performance issues without any 
> obstruction and at the same time not giving elevated privileges?

Read:

https://www.postgresql.org/docs/current/predefined-roles.html

> 
> Regards
> Veem

-- 
Adrian Klaver
adrian.klaver@aklaver.com