database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-06-13 07:41:39 +03:00
Code Activity

Default monitoring roles

Browse Source 
Three nologin roles with non-overlapping privs are created by default
* pg_read_all_settings - read all GUCs.
* pg_read_all_stats - pg_stat_*, pg_database_size(), pg_tablespace_size()
* pg_stat_scan_tables - may lock/scan tables

Top level role - pg_monitor includes all of the above by default, plus others

Author: Dave Page
Reviewed-by: Stephen Frost, Robert Haas, Peter Eisentraut, Simon Riggs
This commit is contained in:
Simon Riggs
2017-03-30 14:18:53 -04:00
parent e984ef5861
commit 25fff40798
30 changed files with 196 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/backend/utils/adt/pgstatfuncs.c
View File

@ -15,6 +15,7 @@
#include "postgres.h"
#include "access/htup_details.h"
#include "catalog/pg_authid.h"
#include "catalog/pg_type.h"
#include "common/ip.h"
#include "funcapi.h"
@ -658,8 +659,9 @@ pg_stat_get_activity(PG_FUNCTION_ARGS)
nulls[19] = nulls[20] = nulls[21] = nulls[22] = nulls[23] = true;
}
/* Values only available to role member */
if (has_privs_of_role(GetUserId(), beentry->st_userid))
/* Values only available to role member or pg_read_all_stats */
if (has_privs_of_role(GetUserId(), beentry->st_userid) ||
is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_STATS))
{
SockAddr zero_clientaddr;