| From: | Martín Marqués <martin(dot)marques(at)gmail(dot)com> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz> |
| Cc: | Daniel Gustafsson <daniel(at)yesql(dot)se>, Masahiko Sawada <masahiko(dot)sawada(at)2ndquadrant(dot)com>, Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com>, Martín Marqués <martin(at)2ndquadrant(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Read access for pg_monitor to pg_replication_origin_status view |
| Date: | 2021-11-15 17:45:09 |
| Message-ID: | CABeG9LtEw9w-YptGAMDvYK4oyXv2GC673gvHr=pWwprDHDLpfQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hello,
I wanted to resurface this thread.
The original intention I had with this patch I sent over a year ago
was to have the possibility for monitoring ROLEs like pg_monitor and
pg_read_all_stats to have read access for the replication origin
status. Seems the patch only got half way through (we removed the
superuser hardcoded restriction).
Too bad I didn't notice this until 14 got out, or I'd have done this
much earlier. Well, maybe it's time to do it now :)
Sending a patch to change the privileges of the on the view and
function called by the view.
The only thing I'm not sure, but can amend, is if we need tests for
this change (that would be something like switching ROLE to
pg_read_all_stats and query the pg_replication_origin_status, checking
we get the right result.
Kind regards, Martín
--
Martín Marqués
It’s not that I have something to hide,
it’s that I have nothing I want you to see
| Attachment | Content-Type | Size |
|---|---|---|
| GRANT-SELECT-on-pg_replication_origin_status-to-pg_read_asll_stats.patch | text/x-patch | 1.5 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bossart, Nathan | 2021-11-15 17:46:31 | Re: Improving psql's \password command |
| Previous Message | Tom Lane | 2021-11-15 17:43:39 | Re: Test::More version |