On 3/27/17 08:54, Robert Haas wrote:
> OK, I see the points that both of you are making and I admit that
> they've got some validity to them. Let me make a modest proposal.
> Suppose we define the pg_monitor role as strictly a bundle of
> privileges that could be granted individually if desired, and
> similarly define pg_read_all_settings and pg_read_all_stats as roles
> that are strictly recognized by the code, without any grants.
I think this is very important. We can't have roles that do both. That
will just cause confusion. Security confusion.
I'm confused about the definition of the pg_read_all_stats role. It
seems to give read access to just about everything that rhymes with
"stats" as well as a random collection of other things such as table
sizes. Except actual table statistics, which was my first guess.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services