database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-27 12:41:57 +03:00
Code Activity

Default monitoring roles

Browse Source 
Three nologin roles with non-overlapping privs are created by default
* pg_read_all_settings - read all GUCs.
* pg_read_all_stats - pg_stat_*, pg_database_size(), pg_tablespace_size()
* pg_stat_scan_tables - may lock/scan tables

Top level role - pg_monitor includes all of the above by default, plus others

Author: Dave Page
Reviewed-by: Stephen Frost, Robert Haas, Peter Eisentraut, Simon Riggs
This commit is contained in:
Simon Riggs
2017-03-30 14:18:53 -04:00
parent e984ef5861
commit 25fff40798
30 changed files with 196 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
contrib/pgstattuple/pgstattuple--1.4--1.5.sql
View File

@ -17,6 +17,7 @@ AS 'MODULE_PATHNAME', 'pgstattuple_v1_5'
LANGUAGE C STRICT PARALLEL SAFE;
REVOKE EXECUTE ON FUNCTION pgstattuple(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION pgstattuple(text) TO pg_stat_scan_tables;
CREATE OR REPLACE FUNCTION pgstatindex(IN relname text,
OUT version INT,
@ -33,6 +34,7 @@ AS 'MODULE_PATHNAME', 'pgstatindex_v1_5'
LANGUAGE C STRICT PARALLEL SAFE;
REVOKE EXECUTE ON FUNCTION pgstatindex(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION pgstatindex(text) TO pg_stat_scan_tables;
CREATE OR REPLACE FUNCTION pg_relpages(IN relname text)
RETURNS BIGINT
@ -40,6 +42,7 @@ AS 'MODULE_PATHNAME', 'pg_relpages_v1_5'
LANGUAGE C STRICT PARALLEL SAFE;
REVOKE EXECUTE ON FUNCTION pg_relpages(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION pg_relpages(text) TO pg_stat_scan_tables;
/* New stuff in 1.1 begins here */
@ -51,6 +54,7 @@ AS 'MODULE_PATHNAME', 'pgstatginindex_v1_5'
LANGUAGE C STRICT PARALLEL SAFE;
REVOKE EXECUTE ON FUNCTION pgstatginindex(regclass) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION pgstatginindex(regclass) TO pg_stat_scan_tables;
/* New stuff in 1.2 begins here */
@ -68,6 +72,7 @@ AS 'MODULE_PATHNAME', 'pgstattuplebyid_v1_5'
LANGUAGE C STRICT PARALLEL SAFE;
REVOKE EXECUTE ON FUNCTION pgstattuple(regclass) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION pgstattuple(regclass) TO pg_stat_scan_tables;
CREATE OR REPLACE FUNCTION pgstatindex(IN relname regclass,
OUT version INT,
@ -84,6 +89,7 @@ AS 'MODULE_PATHNAME', 'pgstatindexbyid_v1_5'
LANGUAGE C STRICT PARALLEL SAFE;
REVOKE EXECUTE ON FUNCTION pgstatindex(regclass) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION pgstatindex(regclass) TO pg_stat_scan_tables;
CREATE OR REPLACE FUNCTION pg_relpages(IN relname regclass)
RETURNS BIGINT
@ -91,6 +97,7 @@ AS 'MODULE_PATHNAME', 'pg_relpagesbyid_v1_5'
LANGUAGE C STRICT PARALLEL SAFE;
REVOKE EXECUTE ON FUNCTION pg_relpages(regclass) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION pg_relpages(regclass) TO pg_stat_scan_tables;
/* New stuff in 1.3 begins here */
@ -109,6 +116,7 @@ AS 'MODULE_PATHNAME', 'pgstattuple_approx_v1_5'
LANGUAGE C STRICT PARALLEL SAFE;
REVOKE EXECUTE ON FUNCTION pgstattuple_approx(regclass) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION pgstattuple_approx(regclass) TO pg_stat_scan_tables;
/* New stuff in 1.5 begins here */
@ -125,3 +133,4 @@ AS 'MODULE_PATHNAME', 'pgstathashindex'
LANGUAGE C STRICT PARALLEL SAFE;
REVOKE EXECUTE ON FUNCTION pgstathashindex(regclass) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION pgstathashindex(regclass) TO pg_stat_scan_tables;