On Fri, Feb 24, 2017 at 5:14 AM, Dave Page <dpage@pgadmin.org> wrote:
> - Adds a default role called pg_monitor
> - Gives members of the pg_monitor role full access to:
> pg_ls_logdir() and pg_ls_waldir()
> pg_stat_* views and functions
> pg_tablespace_size() and pg_database_size()
> Contrib modules:
> pg_buffercache,
> pg_freespacemap,
> pgrowlocks,
> pg_stat_statements,
> pgstattuple and
> pg_visibility (but NOT pg_truncate_visibility_map() )
> - Adds a default role called pg_read_all_gucs
> - Allows members of pg_read_all_gucs to, well, read all GUCs
> - Grants pg_read_all_gucs to pg_monitor
I like the pg_read_all_gucs role, which I agree with Peter should be
called pg_read_all_settings. I'd be inclined to skip the rest of
this. If an individual user wants to grant that bundle of privileges
to a role, they can do it with or without pg_monitor.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company