Home > mailing lists

Re: Permission select pg_stat_replication - Mailing list pgsql-admin

From	Denish Patel
Subject	Re: Permission select pg_stat_replication
Date	April 1, 2015 19:54:06
Msg-id	CAFddxvPo8EkRhRAhjDyFNmyaPqRPstC=GLu_Kq5=dPAc1T=QFg@mail.gmail.com Whole thread Raw
In response to	Re: Permission select pg_stat_replication (Stephen Frost <sfrost@snowman.net>)
List	pgsql-admin

Tree view

Fair enough but they should be able to achieve their goal to avoid granting SUPER to monitoring user. They have to tweak the grant/revoke as desired.

On Wed, Apr 1, 2015 at 11:53 AM, Stephen Frost <sfrost@snowman.net> wrote:

* Denish Patel (denish@omniti.com) wrote:
> you should be able to use secure_check_postgres method to avoid granting
> SUPER permission on monitoring user.
[...]

Denish,

Please see my reply to Payal. This doesn't work. At the very least,
the permissions on the pg_stat_repl() function need to be adjusted to be
only GRANT'd to the monitoring user, otherwise the information is
available to everyone. If that's the intent, then the view might as
well be granted to PUBLIC.

Recall that, by defualt, EXECUTE on a function is granted to PUBLIC.

Thanks,

Stephen

Denish Patel,
OmniTI Computer Consulting Inc.
Database Architect,
http://omniti.com/does/data-management

http://www.pateldenish.com

pgsql-admin by date:

From: Stephen Frost
Date: 01 April 2015, 18:53:09
Subject: Re: Permission select pg_stat_replication

From: Alex Balashov
Date: 01 April 2015, 20:22:45
Subject: Restoring normal master-slave roles after replication failure

Re: Permission select pg_stat_replication - Mailing list pgsql-admin

Previous

Next