Re: Monitoring roles patch
| От | Peter Eisentraut |
|---|---|
| Тема | Re: Monitoring roles patch |
| Дата | |
| Msg-id | fc6b6953-7a00-3c84-1a58-3f5aa5c330a6@2ndquadrant.com обсуждение исходный текст |
| Ответ на | [HACKERS] Monitoring roles patch (Dave Page <dpage@pgadmin.org>) |
| Список | pgsql-hackers |
On 3/27/17 08:54, Robert Haas wrote: > OK, I see the points that both of you are making and I admit that > they've got some validity to them. Let me make a modest proposal. > Suppose we define the pg_monitor role as strictly a bundle of > privileges that could be granted individually if desired, and > similarly define pg_read_all_settings and pg_read_all_stats as roles > that are strictly recognized by the code, without any grants. I think this is very important. We can't have roles that do both. That will just cause confusion. Security confusion. I'm confused about the definition of the pg_read_all_stats role. It seems to give read access to just about everything that rhymes with "stats" as well as a random collection of other things such as table sizes. Except actual table statistics, which was my first guess. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
В списке pgsql-hackers по дате отправления: