database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-09-02 04:21:28 +03:00
Code Activity

Default monitoring roles

Browse Source 
Three nologin roles with non-overlapping privs are created by default
* pg_read_all_settings - read all GUCs.
* pg_read_all_stats - pg_stat_*, pg_database_size(), pg_tablespace_size()
* pg_stat_scan_tables - may lock/scan tables

Top level role - pg_monitor includes all of the above by default, plus others

Author: Dave Page
Reviewed-by: Stephen Frost, Robert Haas, Peter Eisentraut, Simon Riggs
This commit is contained in:
Simon Riggs
2017-03-30 14:18:53 -04:00
parent e984ef5861
commit 25fff40798
30 changed files with 196 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
doc/src/sgml/pgstatstatements.sgml
View File

@@ -226,10 +226,11 @@
</table>
<para>
For security reasons, non-superusers are not allowed to see the SQL
text or <structfield>queryid</structfield> of queries executed by other users.
They can see the statistics, however, if the view has been installed in their
database.
For security reasons, only superusers and members of the
<literal>pg_read_all_stats<literal> role are allowed to see the SQL text and
<structfield>queryid</structfield> of queries executed by other users.
Other users can see the statistics, however, if the view has been installed
in their database.
</para>
<para>