PGD predefined roles v5

PGD predefined roles are created when the BDR extension is installed. After BDR extension is dropped from a database, the roles continue to exist. You need to drop them manually if dropping is required. This practice allows PGD to be used in multiple databases on the same PostgreSQL instance without problem.

bdr_superuser

• ALL PRIVILEGES ON ALL TABLES IN SCHEMA BDR
• ALL PRIVILEGES ON ALL ROUTINES IN SCHEMA BDR

bdr_read_all_stats

SELECT privilege on:

• bdr.conflict_history_summary
• bdr.ddl_epoch
• bdr.ddl_replication
• bdr.global_consensus_journal_details
• bdr.global_lock
• bdr.global_locks
• bdr.local_consensus_state
• bdr.local_node_summary
• bdr.node
• bdr.node_catchup_info
• bdr.node_conflict_resolvers
• bdr.node_group
• bdr.node_local_info
• bdr.node_peer_progress
• bdr.node_slots
• bdr.node_summary
• bdr.replication_sets
• bdr.sequences
• bdr.stat_relation
• bdr.stat_subscription
• bdr.subscription
• bdr.subscription_summary
• bdr.tables

EXECUTE privilege on:

• bdr.bdr_version
• bdr.bdr_version_num
• bdr.decode_message_payload
• bdr.get_global_locks
• bdr.get_raft_status
• bdr.get_relation_stats
• bdr.get_slot_flush_timestamp
• bdr.get_sub_progress_timestamp
• bdr.get_subscription_stats
• bdr.peer_state_name
• bdr.show_subscription_status

bdr_monitor

All privileges from bdr_read_all_stats.

Also, EXECUTE privilege on:

• bdr.monitor_group_versions
• bdr.monitor_group_raft
• bdr.monitor_local_replslots

bdr_application

EXECUTE privilege on:

• All functions for column_timestamps datatypes
• All functions for CRDT datatypes
• bdr.alter_sequence_set_kind
• bdr.create_conflict_trigger
• bdr.create_transform_trigger
• bdr.drop_trigger
• bdr.get_configured_camo_partner
• bdr.global_lock_table
• bdr.is_camo_partner_connected
• bdr.is_camo_partner_ready
• bdr.logical_transaction_status
• bdr.ri_fkey_trigger
• bdr.seq_nextval
• bdr.seq_currval
• bdr.seq_lastval
• bdr.trigger_get_committs
• bdr.trigger_get_conflict_type
• bdr.trigger_get_origin_node_id
• bdr.trigger_get_row
• bdr.trigger_get_type
• bdr.trigger_get_xid
• bdr.wait_for_camo_partner_queue
• bdr.wait_slot_confirm_lsn

Many of these functions require additional privileges before you can use them. For example, you must be the table owner to successfully execute bdr.alter_sequence_set_kind. These additional rules are described with each specific function.

bdr_read_all_conflicts

PGD logs conflicts into the bdr.conflict_history table. Conflicts are visible only to table owners, so no extra privileges are required to read the conflict history. If it's useful to have a user that can see conflicts for all tables, you can optionally grant the role bdr_read_all_conflicts to that user.

• On this page
• bdr_superuser
• bdr_read_all_stats
• bdr_monitor
• bdr_application
• bdr_read_all_conflicts