| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Dave Page <dpage(at)pgadmin(dot)org> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Monitoring roles patch |
| Date: | 2017-03-22 11:32:25 |
| Message-ID: | CA+TgmobveXzVPytFOO3AkmsM+Y=YEG+UXcCvgwAt+SgYj85OCA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Feb 24, 2017 at 5:14 AM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
> - Adds a default role called pg_monitor
> - Gives members of the pg_monitor role full access to:
> pg_ls_logdir() and pg_ls_waldir()
> pg_stat_* views and functions
> pg_tablespace_size() and pg_database_size()
> Contrib modules:
> pg_buffercache,
> pg_freespacemap,
> pgrowlocks,
> pg_stat_statements,
> pgstattuple and
> pg_visibility (but NOT pg_truncate_visibility_map() )
> - Adds a default role called pg_read_all_gucs
> - Allows members of pg_read_all_gucs to, well, read all GUCs
> - Grants pg_read_all_gucs to pg_monitor
I like the pg_read_all_gucs role, which I agree with Peter should be
called pg_read_all_settings. I'd be inclined to skip the rest of
this. If an individual user wants to grant that bundle of privileges
to a role, they can do it with or without pg_monitor.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2017-03-22 11:33:41 | Re: GUC for cleanup indexes threshold. |
| Previous Message | Robert Haas | 2017-03-22 11:29:39 | Re: Measuring replay lag |