Yandex Cloud
Search
Contact UsGet started
  • Pricing
  • Customer Stories
  • Documentation
  • Blog
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • AI Studio
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Start testing with double trial credits
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Center for Technologies and Society
    • Yandex Cloud Partner program
  • Pricing
  • Customer Stories
  • Documentation
  • Blog
© 2025 Direct Cursus Technology L.L.C.
Yandex Managed Service for PostgreSQL
  • Getting started
    • Service resource interdependencies
    • Planning a cluster topology
    • Cluster high availability
    • Managed Service for PostgreSQL network
    • Quotas and limits
    • Managed Service for PostgreSQL storage
    • Backups
    • Assigning roles
    • Managing connections
    • Replication
    • Maintenance
    • Supported clients
    • PostgreSQL settings
    • Indexes
    • SQL command limits
  • Access management
  • Pricing policy
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • Public materials
  • Release notes

In this article:

  • mdb_superuser
  • mdb_admin
  • mdb_monitor
  • mdb_replication
  1. Concepts
  2. Assigning roles

Assigning roles PostgreSQL

Written by
Yandex Cloud
Updated at July 2, 2025
  • mdb_superuser
  • mdb_admin
  • mdb_monitor
  • mdb_replication

With Managed Service for PostgreSQL, you cannot access predefined roles. Instead, this service provides the following special roles:

  • mdb_superuser: For users who are not database owners but need to manage privileges as owners.
  • mdb_admin: For users who are not database owners but need administrative privileges.
  • mdb_monitor: For users who need to be able to read various configuration parameters, statistics, and other system information.
  • mdb_replication: For users who need to be able to perform logical replication.

To assign a role to a user, use the Yandex Cloud interfaces: roles assigned by a GRANT request are revoked with the next database operation.

Note

You cannot create custom roles in Managed Service for PostgreSQL. User permissions depend on a set of privileges the user is granted.

mdb_superusermdb_superuser

The mdb_superuser role enables you to manage privileges for objects in a database.

mdb_adminmdb_admin

The mdb_admin role includes the following privileges:

  • Predefined role privileges:
    • pg_monitor
    • pg_signal_backend
      For more information about predefined roles, see the PostgreSQL documentation.
  • Subscription for logical replication (CREATE | DROP | ALTER SUBSCRIPTION).
  • Extensions:
    • dblink
    • pg_repack
    • postgres_fdw
    • pg_cron
  • Extension-specific functions:
    • pg_stat_kcache_reset() from the pg_stat_kcache extension.
    • pg_stat_reset() and pg_stat_statements_reset() from the pg_stat_statements extension.

mdb_monitormdb_monitor

The mdb_monitor role includes the following privileges:

  • Reading and executing various views and functions for monitoring.
  • Extensions:
    • pg_stat_statements
  • Functions for working with ordinary files:
    • pg_ls_logdir()
    • pg_ls_waldir()
    • pg_ls_archive_statusdir()
    • pg_ls_tmpdir ()

mdb_replicationmdb_replication

The mdb_replication role includes the following privileges:

  • Connecting to a cluster using the logical replication protocol (replication=database).
  • Replication functions:
    • pg_create_logical_replication_slot()
    • pg_drop_replication_slot()

Was the article helpful?

Previous
Backups
Next
Managing connections
© 2025 Direct Cursus Technology L.L.C.