| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | Dave Page <dpage(at)pgadmin(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Monitoring roles patch |
| Date: | 2017-03-22 12:55:07 |
| Message-ID: | c99cde7f-0aa7-ebaa-b9f4-ee75522554a4@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 3/22/17 07:48, Dave Page wrote:
> With the patch, complex monitoring systems can easily be setup with
> something like:
>
> CREATE ROLE monitoring_user LOGIN;
> GRANT pg_monitor TO monitoring_role;
That assumes that we have thought of all the ways in which people might
want to monitor things.
If we do it via GRANTs instead, then users can easily extend it.
If we instead change the hardcoded superuser checks to hardcoded
some-other-role checks, then the whole system instantly becomes unusable
the moment someone wants to monitor something we haven't thought of.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2017-03-22 12:58:18 | Re: increasing the default WAL segment size |
| Previous Message | Amit Kapila | 2017-03-22 12:52:55 | Re: Supporting huge pages on Windows |