mirror of
https://github.com/postgres/postgres.git
synced 2025-07-28 23:42:10 +03:00
Default monitoring roles
Three nologin roles with non-overlapping privs are created by default * pg_read_all_settings - read all GUCs. * pg_read_all_stats - pg_stat_*, pg_database_size(), pg_tablespace_size() * pg_stat_scan_tables - may lock/scan tables Top level role - pg_monitor includes all of the above by default, plus others Author: Dave Page Reviewed-by: Stephen Frost, Robert Haas, Peter Eisentraut, Simon Riggs
This commit is contained in:
@ -10221,15 +10221,17 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx
|
||||
<entry><type>text</type></entry>
|
||||
<entry>Configuration file the current value was set in (null for
|
||||
values set from sources other than configuration files, or when
|
||||
examined by a non-superuser);
|
||||
helpful when using <literal>include</> directives in configuration files</entry>
|
||||
examined by a user who is neither a superuser or a member of
|
||||
<literal>pg_read_all_settings</literal>); helpful when using
|
||||
<literal>include</> directives in configuration files</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><structfield>sourceline</structfield></entry>
|
||||
<entry><type>integer</type></entry>
|
||||
<entry>Line number within the configuration file the current value was
|
||||
set at (null for values set from sources other than configuration files,
|
||||
or when examined by a non-superuser)
|
||||
or when examined by a user who is neither a superuser or a member of
|
||||
<literal>pg_read_all_settings</literal>).
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
|
@ -19408,9 +19408,11 @@ postgres=# SELECT * FROM pg_walfile_name_offset(pg_stop_backup());
|
||||
accept the OID or name of a database or tablespace, and return the total
|
||||
disk space used therein. To use <function>pg_database_size</function>,
|
||||
you must have <literal>CONNECT</> permission on the specified database
|
||||
(which is granted by default). To use <function>pg_tablespace_size</>,
|
||||
you must have <literal>CREATE</> permission on the specified tablespace,
|
||||
unless it is the default tablespace for the current database.
|
||||
(which is granted by default), or be a member of the <literal>pg_read_all_stats</>
|
||||
role. To use <function>pg_tablespace_size</>, you must have
|
||||
<literal>CREATE</> permission on the specified tablespace, or be a member
|
||||
of the <literal>pg_read_all_stats</> role unless it is the default tablespace for
|
||||
the current database.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
@ -19736,7 +19738,8 @@ postgres=# SELECT * FROM pg_walfile_name_offset(pg_stop_backup());
|
||||
<entry><type>setof record</type></entry>
|
||||
<entry>
|
||||
List the name, size, and last modification time of files in the log
|
||||
directory. Access may be granted to non-superuser roles.
|
||||
directory. Access is granted to members of the <literal>pg_monitor</>
|
||||
role and may be granted to other non-superuser roles.
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
@ -19746,7 +19749,8 @@ postgres=# SELECT * FROM pg_walfile_name_offset(pg_stop_backup());
|
||||
<entry><type>setof record</type></entry>
|
||||
<entry>
|
||||
List the name, size, and last modification time of files in the WAL
|
||||
directory. Access may be granted to non-superuser roles.
|
||||
directory. Access is granted to members of the <literal>pg_monitor</>
|
||||
role and may be granted to other non-superuser roles.
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
@ -19807,8 +19811,8 @@ postgres=# SELECT * FROM pg_walfile_name_offset(pg_stop_backup());
|
||||
<para>
|
||||
<function>pg_ls_logdir</> returns the name, size, and last modified time
|
||||
(mtime) of each file in the log directory. By default, only superusers
|
||||
can use this function, but access may be granted to others using
|
||||
<command>GRANT</command>.
|
||||
and members of the <literal>pg_monitor</> role can use this function.
|
||||
Access may be granted to others using <command>GRANT</command>.
|
||||
</para>
|
||||
|
||||
<indexterm>
|
||||
@ -19817,8 +19821,9 @@ postgres=# SELECT * FROM pg_walfile_name_offset(pg_stop_backup());
|
||||
<para>
|
||||
<function>pg_ls_waldir</> returns the name, size, and last modified time
|
||||
(mtime) of each file in the write ahead log (WAL) directory. By
|
||||
default only superusers can use this function, but access may be granted
|
||||
to others using <command>GRANT</command>.
|
||||
default only superusers and members of the <literal>pg_monitor</> role
|
||||
can use this function. Access may be granted to others using
|
||||
<command>GRANT</command>.
|
||||
</para>
|
||||
|
||||
<indexterm>
|
||||
|
@ -24,8 +24,9 @@
|
||||
</para>
|
||||
|
||||
<para>
|
||||
By default public access is revoked from both of these, just in case there
|
||||
are security issues lurking.
|
||||
By default use is restricted to superusers and members of the
|
||||
<literal>pg_read_all_stats</literal> role. Access may be granted to others
|
||||
using <command>GRANT</command>.
|
||||
</para>
|
||||
|
||||
<sect2>
|
||||
|
@ -16,8 +16,9 @@
|
||||
</para>
|
||||
|
||||
<para>
|
||||
By default public access is revoked from the functions, just in case
|
||||
there are security issues lurking.
|
||||
By default use is restricted to superusers and members of the
|
||||
<literal>pg_stat_scan_tables</literal> role. Access may be granted to others
|
||||
using <command>GRANT</command>.
|
||||
</para>
|
||||
|
||||
<sect2>
|
||||
|
@ -12,6 +12,13 @@
|
||||
locking information for a specified table.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
By default use is restricted to superusers, members of the
|
||||
<literal>pg_stat_scan_tables</literal> role, and users with
|
||||
<literal>SELECT</literal> permissions on the table.
|
||||
</para>
|
||||
|
||||
|
||||
<sect2>
|
||||
<title>Overview</title>
|
||||
|
||||
|
@ -226,10 +226,11 @@
|
||||
</table>
|
||||
|
||||
<para>
|
||||
For security reasons, non-superusers are not allowed to see the SQL
|
||||
text or <structfield>queryid</structfield> of queries executed by other users.
|
||||
They can see the statistics, however, if the view has been installed in their
|
||||
database.
|
||||
For security reasons, only superusers and members of the
|
||||
<literal>pg_read_all_stats<literal> role are allowed to see the SQL text and
|
||||
<structfield>queryid</structfield> of queries executed by other users.
|
||||
Other users can see the statistics, however, if the view has been installed
|
||||
in their database.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
|
@ -16,7 +16,8 @@
|
||||
As these functions return detailed page-level information, only the superuser
|
||||
has EXECUTE privileges on them upon installation. After the functions have
|
||||
been installed, users may issue <command>GRANT</command> commands to change
|
||||
the privileges on the functions to allow non-superusers to execute them. See
|
||||
the privileges on the functions to allow non-superusers to execute them. Members
|
||||
of the <literal>pg_stat_scan_tables</literal> role are granted access by default. See
|
||||
the description of the <xref linkend="sql-grant"> command for specifics.
|
||||
</para>
|
||||
|
||||
|
@ -140,7 +140,10 @@
|
||||
</variablelist>
|
||||
|
||||
<para>
|
||||
By default, these functions are executable only by superusers.
|
||||
By default, these functions are executable only by superusers and members of the
|
||||
<literal>pg_stat_scan_tables</literal> role, with the exception of
|
||||
<function>pg_truncate_visibility_map(relation regclass)</function> which can only
|
||||
be executed by superusers.
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
|
@ -515,14 +515,50 @@ DROP ROLE doomed_role;
|
||||
</row>
|
||||
</thead>
|
||||
<tbody>
|
||||
<row>
|
||||
<entry>pg_read_all_settings</entry>
|
||||
<entry>Read all configuration variables, even those normally visible only to
|
||||
superusers.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>pg_read_all_stats</entry>
|
||||
<entry>Read all pg_stat_* views and use various statistics related extensions,
|
||||
even those normally visible only to superusers.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>pg_stat_scan_tables</entry>
|
||||
<entry>Execute monitoring functions that may take AccessShareLocks on tables,
|
||||
potentially for a long time.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>pg_signal_backend</entry>
|
||||
<entry>Send signals to other backends (eg: cancel query, terminate).</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>pg_monitor</entry>
|
||||
<entry>Read/execute various monitoring views and functions.
|
||||
This role is a member of <literal>pg_read_all_settings</literal>,
|
||||
<literal>pg_read_all_stats</literal> and
|
||||
<literal>pg_stat_scan_tables</literal>.</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
|
||||
<para>
|
||||
The <literal>pg_monitor</literal>, <literal>pg_read_all_settings</literal>,
|
||||
<literal>pg_read_all_stats</literal> and <literal>pg_stat_scan_tables</literal>
|
||||
roles are intended to allow administrators to easily configure a role for the
|
||||
purpose of monitoring the database server. They grant a set of common privileges
|
||||
allowing the role to read various useful configuration settings, statistics and
|
||||
other system information normally restricted to superusers.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Care should be taken when granting these roles to ensure they are only used where
|
||||
needed to perform the desired monitoring.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Administrators can grant access to these roles to users using the GRANT
|
||||
command:
|
||||
|
Reference in New Issue
Block a user