
postgres "ngb" user privilege "superuser", problematic for production / postgres as a service from cloud provider

Open yshashix opened this issue 10 months ago • 2 comments

Allocating the "ngb" postgres user the "superuser" privilege makes it bypass all access privilege checks within the database, potentially leading to security risks. Thus it is also not provided by cloud providers offering postgres as a service. Can you recommend what privileges exactly you need except superuser?

In documentation, it is like below.

Once PostgreSQL is successfully installed in your machine create the database ngb and change its role by running the following commands:

psql -U postgres -c "create database ngb;"
psql -U postgres -c "create user ngb with password 'ngb';"
psql -U postgres -c "alter database ngb owner to ngb;"
psql -U postgres -c "grant all privileges on database ngb to ngb;"
psql -U postgres -c "alter role ngb superuser;"

yshashix avatar Apr 11 '24 10:04 yshashix

hi,

Yes, the user needs to be owner of the database ngb and needs to be able to create new databases for tenants (CREATEDB role). In the current setups we have tested with, the creator directly becomes the owner of the db, so no further privilege transfer happens there. Also, we are using triggers and functions which the ngb user creates, so TRIGGER would be needed as well.

ScorpioBroker avatar Apr 12 '24 08:04 ScorpioBroker

Thank you for your answer. I found that we need superuser in case the postgis extension is not enabled in the ngb database. I guess for ngb users to create TRIGGER, the CREATEDB role should be enough to give such privilege, right?

yshashix avatar Apr 12 '24 09:04 yshashix
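
A least-privilege version of the documented setup, built only from the requirements named in the replies above (database ownership, CREATEDB, PostGIS enabled in advance). This is an added example, not part of the thread or of Scorpio Broker's documentation, and it has not been verified against Scorpio Broker. The `ADMIN_USER` and `NGB_PASSWORD` variables and the function names are assumptions, as is the admin role being allowed to install PostGIS on the target service.

```shell
#!/bin/sh
# Added example: provision "ngb" without "alter role ngb superuser".
# Assumed names (not from the thread): ADMIN_USER, NGB_PASSWORD, the functions below.

# Run by the admin role. CREATEDB covers tenant databases; NOSUPERUSER keeps
# the database's privilege checks in force for ngb.
role_sql() {
  printf '%s\n' "CREATE ROLE ngb LOGIN CREATEDB NOSUPERUSER NOCREATEROLE PASSWORD :'pw';"
}

# For an install that already followed the documented steps: run this by hand
# as the admin role to drop the attribute from the existing role.
demote_sql() {
  printf '%s\n' "ALTER ROLE ngb NOSUPERUSER CREATEDB;"
}

# Run as ngb itself: the role that creates a database becomes its owner, and
# it owns the tables it later creates there, so it can add triggers to them.
database_sql() {
  printf '%s\n' "CREATE DATABASE ngb;"
}

# Run by the admin role inside ngb, so ngb never needs to install PostGIS.
extension_sql() {
  printf '%s\n' "CREATE EXTENSION IF NOT EXISTS postgis;"
}

# Verification query: rolsuper should be false and rolcreatedb true for ngb.
audit_sql() {
  printf '%s\n' "SELECT rolname, rolsuper, rolcreatedb FROM pg_roles WHERE rolname = 'ngb';"
}

apply() {
  : "${NGB_PASSWORD:?set NGB_PASSWORD first}"
  admin="${ADMIN_USER:-postgres}"
  # :'pw' is psql variable interpolation, so the password is never in the SQL text.
  role_sql      | psql -v ON_ERROR_STOP=1 -v pw="$NGB_PASSWORD" -U "$admin" -d postgres
  database_sql  | PGPASSWORD="$NGB_PASSWORD" psql -v ON_ERROR_STOP=1 -U ngb -d postgres
  extension_sql | psql -v ON_ERROR_STOP=1 -U "$admin" -d ngb
  audit_sql     | psql -v ON_ERROR_STOP=1 -At -U "$admin" -d ngb
}

# Only touch a server when asked to: ./script.sh apply
if [ "${1:-}" = "apply" ]; then apply; fi
```
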