This topic describes the permissions of the privileged account and standard account that are created on an ApsaraDB RDS for PostgreSQL instance.
Permissions
Standard account
The permissions of a standard account on an RDS instance are the same as the permissions of a non-privileged account in open source PostgreSQL. For more information, see PostgreSQL official documentation.
Privileged account
The privileged account on an RDS instance has the following permissions in addition to all permissions of a standard account:
Commit all prepared transactions during the two-phase commit (2PC) process.
Note: When transactions involve operations that must be performed among multiple databases or systems, the 2PC protocol is used to ensure data consistency. The 2PC protocol ensures that all involved transactions are committed or rolled back.
For more information, see SQL PREPARE TRANSACTION.
Manually execute VACUUM statements on tables.
Note: VACUUM statements are used to reclaim the disk space that is occupied by deleted rows and update statistics. For more information, see VACUUM.
Execute the CREATE EVENT TRIGGER statement to create an event trigger or change the owner of the event trigger to the owner of the privileged account.
Note: For more information about an event trigger, see CREATE EVENT TRIGGER.
Execute the CREATE EXTENSION statement to create an extension. For more information about supported extensions, see Extensions supported by ApsaraDB RDS for PostgreSQL.
Configure the LEAKPROOF parameter for a function when you create the function, or modify the LEAKPROOF parameter for the function.
Note: For more information, see CREATE FUNCTION.
Execute the CREATE PUBLICATION statement to create a publication or change the owner of the publication.
Note: In PostgreSQL, the logical replication feature is used to create a publication. The feature applies the changes of a database to other databases.
Execute the CREATE SUBSCRIPTION statement to create a subscription or change the owner of the subscription.
Note: In PostgreSQL, the logical replication feature is used to create a subscription. The subscription allows the system to apply the changes of a publication to databases that you subscribe to.
Use the text search feature to perform full-text searches and text-based matches. For more information, see Full Text Search.
Change the owner of a data type.
Create a privileged account or change a standard account to a privileged account.
Query the backend processes of the privileged account and all standard accounts, and call functions such as pg_terminate_backend() for the processes.
Obtain the backend connection settings of the privileged account and all standard accounts from the pg_stat_activity view.
Execute GRANT and REVOKE statements on objects of a standard account. For more information, see GRANT and REVOKE.
Execute the SET ROLE statement to change the permissions of the privileged account in the current session to the permissions of the specified standard account.
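The following audit queries are an added example, not part of the original ApsaraDB documentation. They review the objects and sessions that the privileged-account permissions listed above can create or control. They assume you are connected as the privileged account and use only standard PostgreSQL catalogs and views.

```sql
-- Added audit example: run as the privileged account in each database you review.

-- 1. Prepared (2PC) transactions that are still pending. Stale entries keep
--    their locks and prevent VACUUM from removing dead rows.
SELECT gid, owner, database, prepared, now() - prepared AS age
FROM pg_prepared_xacts
ORDER BY prepared;

-- 2. Event triggers, their owners, and the function each one runs on DDL.
SELECT t.evtname, t.evtevent, t.evtenabled,
       pg_get_userbyid(t.evtowner) AS owner,
       t.evtfoid::regprocedure     AS trigger_function
FROM pg_event_trigger t
ORDER BY t.evtname;

-- 3. User-defined functions marked LEAKPROOF. The planner may evaluate these
--    ahead of row-level security and security-barrier view filters, so a
--    function that is wrongly marked LEAKPROOF can expose filtered rows.
SELECT p.oid::regprocedure AS func, pg_get_userbyid(p.proowner) AS owner
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE p.proleakproof
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER BY 1;

-- 4. Installed extensions and their owners.
SELECT extname, extversion, pg_get_userbyid(extowner) AS owner
FROM pg_extension
ORDER BY extname;

-- 5. Logical replication endpoints in this database. pg_subscription is a
--    shared catalog, so it is filtered to the current database.
SELECT 'publication' AS kind, pubname AS name, pg_get_userbyid(pubowner) AS owner
FROM pg_publication
UNION ALL
SELECT 'subscription', subname, pg_get_userbyid(subowner)
FROM pg_subscription
WHERE subdbid = (SELECT oid FROM pg_database WHERE datname = current_database());

-- 6. Client sessions of all accounts, which the privileged account can inspect
--    and end with pg_terminate_backend().
SELECT pid, usename, datname, client_addr, state, backend_start
FROM pg_stat_activity
WHERE backend_type = 'client backend'
ORDER BY backend_start;
```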
References
For more information about how to manage permissions in a fine-grained manner, see Manage permissions in an ApsaraDB RDS for PostgreSQL instance.