On Mon, Aug 27, 2007 at 08:08:34AM -0700, Joshua D. Drake wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hello,
> 
> I just saw this in the weekly news:
> 
> Restrict pg_relation_size to relation owner, pg_database_size to DB
> owner, and pg_tablespace_size to superusers.  Perhaps we could
> weaken the first case to just require SELECT privilege, but that
> doesn't work for the other cases, so use ownership as the common
> concept.
> 
> This is a problem. Our analytics software purposefully does not use a
> superuser; you are going to force the use of superusers with admin and
> monitoring tools.
 
Well, you could always create a wrapper function that is SECURITY
DEFINER...

Honestly, I have to wonder if it'd be best to just restrict all those
functions to superuser-only. They tend to be rather slow to run since
they have to stat each file, so I'm worried about what kind of load that
would present on a loaded system.
-- 
Decibel!, aka Jim Nasby                        [EMAIL PROTECTED]
EnterpriseDB      http://enterprisedb.com      512.569.9461 (cell)
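
The SECURITY DEFINER wrapper suggested in the reply above, as an added example that is not part of the original message. The role `monitor`, the schema `monitoring` and the function name are assumptions, and the syntax targets current PostgreSQL releases.

```sql
-- Added example; role, schema and function names are hypothetical.
-- Run as the database owner or a superuser: the wrapper executes with
-- its owner's privileges, so the owner must be allowed to call
-- pg_database_size() under the restriction quoted above.

BEGIN;  -- one transaction, so the function is never briefly callable by PUBLIC

CREATE ROLE monitor LOGIN;   -- unprivileged monitoring account (assumed name)
CREATE SCHEMA monitoring;    -- assumed schema that holds the wrappers

CREATE FUNCTION monitoring.database_size(name)
RETURNS bigint
LANGUAGE sql
SECURITY DEFINER
-- Pin search_path so nothing inside the function can be resolved
-- through a schema the caller controls.
SET search_path = pg_catalog, pg_temp
AS $$
    SELECT pg_catalog.pg_database_size($1);
$$;

-- New functions are executable by PUBLIC by default; remove that,
-- then grant access only to the monitoring role.
REVOKE ALL ON FUNCTION monitoring.database_size(name) FROM PUBLIC;
GRANT USAGE ON SCHEMA monitoring TO monitor;
GRANT EXECUTE ON FUNCTION monitoring.database_size(name) TO monitor;

COMMIT;

-- Check: should return true for the monitoring role.
SELECT has_function_privilege('monitor',
                              'monitoring.database_size(name)',
                              'EXECUTE');
```

The wrapper exposes only the one size function to `monitor`, so the monitoring tool keeps running without superuser rights.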
