| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Denish Patel <denish(at)omniti(dot)com> |
| Cc: | jesse(dot)waters(at)gmail(dot)com, "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Permission select pg_stat_replication |
| Date: | 2015-04-01 15:53:02 |
| Message-ID: | 20150401155302.GP3663@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin pgsql-hackers |
* Denish Patel (denish(at)omniti(dot)com) wrote:
> you should be able to use secure_check_postgres method to avoid granting
> SUPER permission on monitoring user.
[...]
Denish,
Please see my reply to Payal. This doesn't work. At the very least,
the permissions on the pg_stat_repl() function need to be adjusted to be
only GRANT'd to the monitoring user, otherwise the information is
available to everyone. If that's the intent, then the view might as
well be granted to PUBLIC.
Recall that, by defualt, EXECUTE on a function is granted to PUBLIC.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Denish Patel | 2015-04-01 16:53:39 | Re: Permission select pg_stat_replication |
| Previous Message | Denish Patel | 2015-04-01 15:46:46 | Re: Permission select pg_stat_replication |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2015-04-01 16:04:40 | Re: Tables cannot have INSTEAD OF triggers |
| Previous Message | Robert Haas | 2015-04-01 15:52:07 | Re: TABLESAMPLE patch |