From: | Martín Marqués <martin(at)2ndquadrant(dot)com> |
---|---|
To: | Michael Paquier <michael(at)paquier(dot)xyz> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Read access for pg_monitor to pg_replication_origin_status view |
Date: | 2020-06-02 00:41:13 |
Message-ID: | CAPdiE1x-5DCD5-u9haR9Er5WUu3UTThPVvGbU+wgUJ1GL9SC+A@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Hi,
> Took me a bit longer than expected, but here is a new version, now
> with the idea of just removing the superuser() check and REVOKEing
> execution of the functions from public. At the end I grant permission
> to functions and the pg_replication_origin_status view.
>
> I wonder now if I needed to GRANT execution of the functions. A grant
> on the view should be enough.
>
> I'll think about it.
Yeah, those `GRANT EXECUTE` for the 2 functions should go, as the view
which is what we want to `SELECT` from has the appropriate ACL set.
$ git diff
diff --git a/src/backend/catalog/system_views.sql
b/src/backend/catalog/system_views.sql
index c16061f8f00..97ee72a9cfc 100644
--- a/src/backend/catalog/system_views.sql
+++ b/src/backend/catalog/system_views.sql
@@ -1494,9 +1494,6 @@ GRANT EXECUTE ON FUNCTION
pg_ls_archive_statusdir() TO pg_monitor;
GRANT EXECUTE ON FUNCTION pg_ls_tmpdir() TO pg_monitor;
GRANT EXECUTE ON FUNCTION pg_ls_tmpdir(oid) TO pg_monitor;
-GRANT EXECUTE ON FUNCTION pg_replication_origin_progress(text,
boolean) TO pg_monitor;
-GRANT EXECUTE ON FUNCTION
pg_replication_origin_session_progress(boolean) TO pg_monitor;
-
GRANT pg_read_all_settings TO pg_monitor;
GRANT pg_read_all_stats TO pg_monitor;
GRANT pg_stat_scan_tables TO pg_monitor;
Regards,
--
Martín Marqués http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
From | Date | Subject | |
---|---|---|---|
Next Message | John Bachir | 2020-06-02 01:55:43 | Re: feature idea: use index when checking for NULLs before SET NOT NULL |
Previous Message | David Zhang | 2020-06-02 00:05:50 | Re: Postgres Windows build system doesn't work with python installed in Program Files |