Peter,

* Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote:
> On 3/22/17 07:48, Dave Page wrote:
> > With the patch, complex monitoring systems can easily be set up with
> > something like:
> >
> > CREATE ROLE monitoring_user LOGIN;
> > GRANT pg_monitor TO monitoring_user;
>
> That assumes that we have thought of all the ways in which people might
> want to monitor things.

I disagree. The entire point of the pg_monitor role is to cover those rights which we feel should be available to monitoring solutions, and that *will* change over time.

> If we do it via GRANTs instead, then users can easily extend it.

The intent here is that users will *also* be able to do it via GRANTs if they wish to.

> If we instead change the hardcoded superuser checks to hardcoded
> some-other-role checks, then the whole system instantly becomes unusable
> the moment someone wants to monitor something we haven't thought of.

Right, that's why we need specific roles for the cases where we have to have a C-level check and the pg_monitor role should only be GRANT'd those other roles or GRANTs on specific functions, all of which a DBA/superuser could do themselves with their own role, if they wished to do so, instead of using pg_monitor.

Thanks!

Stephen