On Mon, Mar 14, 2022 at 8:25 PM Stephen Frost <sfr...@snowman.net> wrote: > > > As this patch is currently written, pg_monitor has access these > > functions, though I don't think that's the right privilege level at > > least for pg_get_raw_wal_record(). > > Yeah, I agree that pg_monitor isn't the right thing for such a function > to be checking.
On Thu, Mar 10, 2022 at 1:52 PM Jeff Davis <pg...@j-davis.com> wrote: > > * pg_get_raw_wal_record() seems too powerful for pg_monitor. Maybe that > function should require pg_read_server_files? Or at least > pg_read_all_data? The v9 patch set posted at [1] grants execution on pg_get_raw_wal_record() to the pg_monitor role. pg_read_all_data may not be the right choice, but pg_read_server_files is as these functions do read the WAL files on the server. If okay, I'm happy to grant execution on pg_get_raw_wal_record() to the pg_read_server_files role. Thoughts? [1] https://www.postgresql.org/message-id/CALj2ACVRH-z8mZLyFkpLvY4qRhxQCqU_BLkFTtwt%2BTPZNhfEVg%40mail.gmail.com Regards, Bharath Rupireddy.
