Re: Permission select pg_stat_replication

Поиск
Список
Период
Сортировка
От Gilberto Castillo
Тема Re: Permission select pg_stat_replication
Дата
Msg-id 46016.192.168.207.54.1427813265.squirrel@webmail.etecsa.cu
обсуждение исходный текст
Ответ на Re: Permission select pg_stat_replication  (Stephen Frost <sfrost@snowman.net>)
Ответы Re: Permission select pg_stat_replication  (<jesse.waters@gmail.com>)
Список pgsql-admin
Дерево обсуждения 

> Gilberto,
>
> * Gilberto Castillo (gilberto.castillo@etecsa.cu) wrote:
>> > * Gilberto Castillo (gilberto.castillo@etecsa.cu) wrote:
>> >> > * jesse.waters@gmail.com (jesse.waters@gmail.com) wrote:
>> >> >>  Could someone tell me what permission is required to
>> >> >> select * from pg_stat_replication; ?
>> >> >
>> >> > Currently, you're required to have superuser rights.
>> >> >
>> >> >> I like to setup a monitor to query database with minimal
>> privileges
>> >> >> necessary.
>> >> >
>> >> > I agree 110% and am actively working to fix exactly this issue.  I
>> >> hope
>> >> > to have a patch in the next day or so which will allow you to GRANT
>> >> > rights to such a monitor user which will allow that user to see all
>> >> the
>> >> > contents of pg_stat_replication.
>> >> >
>> >> > One thing which would be really great is if you have time to test
>> with
>> >> > the patch I'm working up (it's against 9.5, but this is strictly
>> >> > functionality testing and should be just in in a dev/test
>> environment,
>> >> > I wouldn't suggest running 9.5 in production, of course!).
>> > [...]
>> >> SET SESSION AUTHORIZATION postgres;
>> >>
>> >> GRANT SELECT ON pg_stat_replication TO usuario1;
>> >
>> > This is (essentially) what I'm hoping to enable.  Note that this won't
>> > do anything for you today as the view is already available to all
>> users
>> > on the system and it's actually the function underneath which is
>> > filtering the result set.
>>
>> ALTER DEFAULT PRIVILEGES FOR ROLE postgres GRANT SELECT ON VIEWS  TO
>> usuario1;
>>
>> Nor does it work?
>
> No.  Feel free to try, but there's an explicit check in the C code which
> is what the SQL-level function that's under the view is calling.  In
> current 9.5/master, at least, it's at:
>
> src/backend/replication/walsender.c:2797
>
>         if (!superuser())
>         {
>             /*
>              * Only superusers can see details. Other users only get the
> pid
>              * value to know it's a walsender, but no details.
>              */
>             MemSet(&nulls[1], true, PG_STAT_GET_WAL_SENDERS_COLS - 1);
>         }
>


Thanks Stephen for you information.


Rgds,
Gilberto Castillo
La Habana, Cuba
---
This message was processed by Kaspersky Mail Gateway 5.6.28/RELEASE running at host imx3.etecsa.cu
Visit our web-site: <http://www.kaspersky.com>, <http://www.viruslist.com>

В списке pgsql-admin по дате отправления:

Предыдущее
От: Stephen Frost
Дата:
Сообщение: Re: Permission select pg_stat_replication
Следующее
От: BRUNO CESAR BERNARDES
Дата:
Сообщение: Catalog permissions