Assigning roles PostgreSQL
Written by
Updated at July 2, 2025
With Managed Service for PostgreSQL, you cannot access predefined roles. Instead, this service provides the following special roles:
mdb_superuser: For users who are not database owners but need to manage privileges as owners.mdb_admin: For users who are not database owners but need administrative privileges.mdb_monitor: For users who need to be able to read various configuration parameters, statistics, and other system information.mdb_replication: For users who need to be able to perform logical replication.
To assign a role to a user, use the Yandex Cloud interfaces: roles assigned by a GRANT request are revoked with the next database operation.
Note
You cannot create custom roles in Managed Service for PostgreSQL. User permissions depend on a set of privileges the user is granted.
mdb_superuser
The mdb_superuser role enables you to manage privileges for objects in a database.
mdb_admin
The mdb_admin role includes the following privileges:
- Predefined role privileges:
pg_monitorpg_signal_backend
For more information about predefined roles, see the PostgreSQL documentation.
- Subscription for logical replication (
CREATE | DROP | ALTER SUBSCRIPTION). - Extensions:
dblinkpg_repackpostgres_fdwpg_cron
- Extension-specific functions:
pg_stat_kcache_reset()from thepg_stat_kcacheextension.pg_stat_reset()andpg_stat_statements_reset()from thepg_stat_statementsextension.
mdb_monitor
The mdb_monitor role includes the following privileges:
- Reading and executing various views and functions for monitoring.
- Extensions:
pg_stat_statements
- Functions for working with ordinary files:
pg_ls_logdir()pg_ls_waldir()pg_ls_archive_statusdir()pg_ls_tmpdir ()
mdb_replication
The mdb_replication role includes the following privileges:
- Connecting to a cluster using the logical replication protocol (
replication=database). - Replication functions:
pg_create_logical_replication_slot()pg_drop_replication_slot()