Re: Permission select pg_stat_replication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


> Gilberto,
>
> * Gilberto Castillo (gilberto.castillo@xxxxxxxxx) wrote:
>> > * Gilberto Castillo (gilberto.castillo@xxxxxxxxx) wrote:
>> >> > * jesse.waters@xxxxxxxxx (jesse.waters@xxxxxxxxx) wrote:
>> >> >>  Could someone tell me what permission is required to
>> >> >> select * from pg_stat_replication; ?
>> >> >
>> >> > Currently, you're required to have superuser rights.
>> >> >
>> >> >> I like to setup a monitor to query database with minimal
>> privileges
>> >> >> necessary.
>> >> >
>> >> > I agree 110% and am actively working to fix exactly this issue.  I
>> >> hope
>> >> > to have a patch in the next day or so which will allow you to GRANT
>> >> > rights to such a monitor user which will allow that user to see all
>> >> the
>> >> > contents of pg_stat_replication.
>> >> >
>> >> > One thing which would be really great is if you have time to test
>> with
>> >> > the patch I'm working up (it's against 9.5, but this is strictly
>> >> > functionality testing and should be just in in a dev/test
>> environment,
>> >> > I wouldn't suggest running 9.5 in production, of course!).
>> > [...]
>> >> SET SESSION AUTHORIZATION postgres;
>> >>
>> >> GRANT SELECT ON pg_stat_replication TO usuario1;
>> >
>> > This is (essentially) what I'm hoping to enable.  Note that this won't
>> > do anything for you today as the view is already available to all
>> users
>> > on the system and it's actually the function underneath which is
>> > filtering the result set.
>>
>> ALTER DEFAULT PRIVILEGES FOR ROLE postgres GRANT SELECT ON VIEWS  TO
>> usuario1;
>>
>> Nor does it work?
>
> No.  Feel free to try, but there's an explicit check in the C code which
> is what the SQL-level function that's under the view is calling.  In
> current 9.5/master, at least, it's at:
>
> src/backend/replication/walsender.c:2797
>
>         if (!superuser())
>         {
>             /*
>              * Only superusers can see details. Other users only get the
> pid
>              * value to know it's a walsender, but no details.
>              */
>             MemSet(&nulls[1], true, PG_STAT_GET_WAL_SENDERS_COLS - 1);
>         }
>


Thanks Stephen for you information.


Rgds,
Gilberto Castillo
La Habana, Cuba

--- 
This message was processed by Kaspersky Mail Gateway 5.6.28/RELEASE running at host imx3.etecsa.cu
Visit our web-site: <http://www.kaspersky.com>, <http://www.viruslist.com>

-- 
Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux