> ## Documentation Index
> Fetch the complete documentation index at: https://xata.io/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Privileges

This document summarizes the privileges required for different pgstream operations in PostgreSQL.
It is **service-agnostic**, focusing only on what pgstream itself requires.

For cloud-provider-specific instructions and constraints, please see:

* [Xata Onboarding Guide](/opensource/pgstream/docs/xata)
* [AWS Onboarding Guide](/opensource/pgstream/docs/aws)
* [Google Cloud (CloudSQL) Onboarding Guide](/opensource/pgstream/docs/gcp_cloudsql)
* [Neon Onboarding Guide](/opensource/pgstream/docs/neon)

***

## Privileges Matrix

| Mode                                     | Role                                   | Required Privileges                                                                                                                                                                                                                      | Notes                                                                                                        |
| ---------------------------------------- | -------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ |
| **Snapshot (Source)**                    | `pgstreamsource`                       | - **Read-only access** to schemas/tables being snapshotted - *(Optional)* Read access to `pg_authid` (if snapshotting roles with passwords)                                                                                              | Example grants: `GRANT pg_read_all_settings TO pgstreamsource; GRANT SELECT ON pg_authid TO pgstreamsource;` |
| **Snapshot (Target)**                    | `pgstreamtarget`                       | - Ownership of database & schemas - *(Optional)* `CREATEDB` (if creating target databases) - *(Optional)* `CREATEROLE` (if restoring roles) - *(Optional)* Ability to `SET session_replication_role` (if disabling triggers during load) | Role must already hold any privileges it assigns when creating other roles.                                  |
| **Replication (Source, Initialization)** | Initialization user (e.g., `postgres`) | - Ability to create schemas, event triggers, and functions - Replication privileges (`REPLICATION`)                                                                                                                                      | Requires elevated privileges because event triggers must be created.                                         |
| **Replication (Source, Streaming)**      | `pgstreamsource`                       | - Ownership of replicated database, schemas, and pgstream objects - Replication privileges (`REPLICATION`)                                                                                                                               | Can be a more restricted role than the initialization user.                                                  |
| **Replication (Target)**                 | `pgstreamtarget`                       | - Ownership of database & schemas - Ability to apply DML and DDL changes                                                                                                                                                                 | If combined with snapshot, also meet snapshot target requirements.                                           |

ℹ️ **Terminology**:

* `pgstreamsource` → user defined in the **pgstream source URL**
* `pgstreamtarget` → user defined in the **pgstream target URL**
