Quick Links

Re: Read access for pg_monitor to pg_replication_origin_status view

From:	Michael Paquier <michael(at)paquier(dot)xyz>
To:	Martín Marqués <martin(at)2ndquadrant(dot)com>
Cc:	PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: Read access for pg_monitor to pg_replication_origin_status view
Date:	2020-05-31 02:02:20
Message-ID:	20200531020220.GL44192@paquier.xyz
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Fri, May 29, 2020 at 05:39:31PM -0300, Martín Marqués wrote:
> I believe we could skip the superuser() check for cases like
> pg_replication_origin_session_progress() and
> pg_replication_origin_progress().
>
> Once option could be to add a third bool argument check_superuser to
> replorigin_check_prerequisites() and have it set to false for the
> functions which a none superuser could execute.

Wouldn't it be just better to remove this hardcoded superuser check
and replace it with equivalent ACLs by default? The trick is to make
sure that any function calling replorigin_check_prerequisites() has
its execution correctly revoked from public. See for example
e79350fe.
--
Michael

In response to

Re: Read access for pg_monitor to pg_replication_origin_status view at 2020-05-29 20:39:31 from Martín Marqués

Responses

Re: Read access for pg_monitor to pg_replication_origin_status view at 2020-05-31 15:13:08 from Martín Marqués

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Michael Paquier	2020-05-31 02:34:11	Re: Inlining of couple of functions in pl_exec.c improves performance
Previous Message	Andrew Dunstan	2020-05-30 12:34:37	Re: OpenSSL 3.0.0 compatibility