| Snapshot (Source) | pgstreamsource | - Read-only access to schemas/tables being snapshotted - (Optional) Read access to pg_authid (if snapshotting roles with passwords) | Example grants: GRANT pg_read_all_settings TO pgstreamsource; GRANT SELECT ON pg_authid TO pgstreamsource; |
| Snapshot (Target) | pgstreamtarget | - Ownership of database & schemas - (Optional) CREATEDB (if creating target databases) - (Optional) CREATEROLE (if restoring roles) - (Optional) Ability to SET session_replication_role (if disabling triggers during load) | Role must already hold any privileges it assigns when creating other roles. |
| Replication (Source, Initialization) | Initialization user (e.g., postgres) | - Ability to create schemas, event triggers, and functions - Replication privileges (REPLICATION) | Requires elevated privileges because event triggers must be created. |
| Replication (Source, Streaming) | pgstreamsource | - Ownership of replicated database, schemas, and pgstream objects - Replication privileges (REPLICATION) | Can be a more restricted role than the initialization user. |
| Replication (Target) | pgstreamtarget | - Ownership of database & schemas - Ability to apply DML and DDL changes | If combined with snapshot, also meet snapshot target requirements. |
