Security and roles v4
Only superusers can create the BDR extension. However, if you want, you can set up the pgextwlist
extension and configure it to allow a non-superuser to create a BDR extension.
Configuring and managing BDR doesn't require superuser access, nor is that recommended. The privileges required by BDR are split across the following default/predefined roles, named similarly to the PostgreSQL default/predefined roles:
- bdr_superuser — The highest-privileged role, having access to all BDR tables and functions.
- bdr_read_all_stats — The role having read-only access to the tables, views, and functions, sufficient to understand the state of BDR.
- bdr_monitor