A “superuser”
# CREATE ROLE pgx_admin CREATEDB CREATEROLE BYPASSRLS NOLOGIN;
# GRANT CREATE ON my_db TO pgx_admin;
# GRANT ALL ON SCHEMA public TO pgx_admin;
# GRANT pg_read_all_data,
pg_write_all_data,
pg_read_all_settings,
pg_read_all_stats,
pg_stat_scan_tables,
pg_monitor,
pg_signal_backend,
pg_checkpoint,
pg_use_reserved_connections,
pg_create_subscription WITH ADMIN OPTION;
# GRANT ALL ON PARAMETER <parameter>, ... TO pgx_admin WITH GRANT OPTION;
# ALTER DEFAULT PRIVILEGES GRANT ALL ON SCHEMAS TO dml_only WITH GRANT OPTION;
# ALTER DEFAULT PRIVILEGES GRANT ALL ON TABLES TO dml_only WITH GRANT OPTION;
# ALTER DEFAULT PRIVILEGES GRANT ALL ON ROUTINES TO dml_only WITH GRANT OPTION;
-- This role cannot log in, but other users can be granted the ability to set to it.
-- DO NOT use this user for regular operations.