mirror of
https://github.com/postgres/postgres.git
synced 2025-07-27 12:41:57 +03:00
Default monitoring roles
Three nologin roles with non-overlapping privs are created by default * pg_read_all_settings - read all GUCs. * pg_read_all_stats - pg_stat_*, pg_database_size(), pg_tablespace_size() * pg_stat_scan_tables - may lock/scan tables Top level role - pg_monitor includes all of the above by default, plus others Author: Dave Page Reviewed-by: Stephen Frost, Robert Haas, Peter Eisentraut, Simon Riggs
This commit is contained in:
@ -4,9 +4,10 @@ MODULE_big = pg_stat_statements
|
||||
OBJS = pg_stat_statements.o $(WIN32RES)
|
||||
|
||||
EXTENSION = pg_stat_statements
|
||||
DATA = pg_stat_statements--1.4.sql pg_stat_statements--1.3--1.4.sql \
|
||||
pg_stat_statements--1.2--1.3.sql pg_stat_statements--1.1--1.2.sql \
|
||||
pg_stat_statements--1.0--1.1.sql pg_stat_statements--unpackaged--1.0.sql
|
||||
DATA = pg_stat_statements--1.4.sql pg_stat_statements--1.4--1.5.sql \
|
||||
pg_stat_statements--1.3--1.4.sql pg_stat_statements--1.2--1.3.sql \
|
||||
pg_stat_statements--1.1--1.2.sql pg_stat_statements--1.0--1.1.sql \
|
||||
pg_stat_statements--unpackaged--1.0.sql
|
||||
PGFILEDESC = "pg_stat_statements - execution statistics of SQL statements"
|
||||
|
||||
LDFLAGS_SL += $(filter -lm, $(LIBS))
|
||||
|
@ -0,0 +1,6 @@
|
||||
/* contrib/pg_stat_statements/pg_stat_statements--1.4--1.5.sql */
|
||||
|
||||
-- complain if script is sourced in psql, rather than via ALTER EXTENSION
|
||||
\echo Use "ALTER EXTENSION pg_stat_statements UPDATE TO '1.5'" to load this file. \quit
|
||||
|
||||
GRANT EXECUTE ON FUNCTION pg_stat_statements_reset() TO pg_read_all_stats;
|
@ -62,6 +62,7 @@
|
||||
#include <unistd.h>
|
||||
|
||||
#include "access/hash.h"
|
||||
#include "catalog/pg_authid.h"
|
||||
#include "executor/instrument.h"
|
||||
#include "funcapi.h"
|
||||
#include "mb/pg_wchar.h"
|
||||
@ -1391,7 +1392,7 @@ pg_stat_statements_internal(FunctionCallInfo fcinfo,
|
||||
MemoryContext per_query_ctx;
|
||||
MemoryContext oldcontext;
|
||||
Oid userid = GetUserId();
|
||||
bool is_superuser = superuser();
|
||||
bool is_allowed_role = false;
|
||||
char *qbuffer = NULL;
|
||||
Size qbuffer_size = 0;
|
||||
Size extent = 0;
|
||||
@ -1399,6 +1400,9 @@ pg_stat_statements_internal(FunctionCallInfo fcinfo,
|
||||
HASH_SEQ_STATUS hash_seq;
|
||||
pgssEntry *entry;
|
||||
|
||||
/* Superusers or members of pg_read_all_stats members are allowed */
|
||||
is_allowed_role = is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_STATS);
|
||||
|
||||
/* hash table must exist already */
|
||||
if (!pgss || !pgss_hash)
|
||||
ereport(ERROR,
|
||||
@ -1541,7 +1545,7 @@ pg_stat_statements_internal(FunctionCallInfo fcinfo,
|
||||
values[i++] = ObjectIdGetDatum(entry->key.userid);
|
||||
values[i++] = ObjectIdGetDatum(entry->key.dbid);
|
||||
|
||||
if (is_superuser || entry->key.userid == userid)
|
||||
if (is_allowed_role || entry->key.userid == userid)
|
||||
{
|
||||
if (api_version >= PGSS_V1_2)
|
||||
values[i++] = Int64GetDatumFast(queryid);
|
||||
|
@ -1,5 +1,5 @@
|
||||
# pg_stat_statements extension
|
||||
comment = 'track execution statistics of all SQL statements executed'
|
||||
default_version = '1.4'
|
||||
default_version = '1.5'
|
||||
module_pathname = '$libdir/pg_stat_statements'
|
||||
relocatable = true
|
||||
|
Reference in New Issue
Block a user