Configuring and managing PGD doesn't require superuser access and we recommend that you don't use superuser access. Instead, the privileges required to administer PGD are split across the following predefined roles.

RoleDescription
bdr_superuserThe highest-privileged role, having access to all PGD tables and functions.
bdr_read_all_statsThe role having read-only access to the tables, views, and functions, sufficient to understand the state of PGD.
bdr_monitorIncludes the privileges of bdr_read_all_stats, with some extra privileges for monitoring.
bdr_applicationThe minimal privileges required by applications running PGD.
bdr_read_all_conflictsCan view all conflicts in bdr.conflict_history.

These roles are named to be analogous to PostgreSQL's pg_ predefined roles.

The PGD bdr_ roles are created when the BDR extension is installed. See PGD predefined roles for more details of the privileges each role has.

Managing PGD doesn't require that administrators have access to user data.

Arrangements for securing information about conflicts are discussed in Logging conflicts to a table.

You can monitor conflicts using the bdr.conflict_history_summary view.

The BDR extension and superuser access

The one exception to the rule of not needing superuser access is in the management of PGD's underlying BDR extension. Only superusers can create the BDR extension. However, if you want, you can set up the pgextwlist extension and configure it to allow a non-superuser to create a BDR extension.