On 3/27/17 08:54, Robert Haas wrote:
> OK, I see the points that both of you are making and I admit that
> they've got some validity to them.  Let me make a modest proposal.
> Suppose we define the pg_monitor role as strictly a bundle of
> privileges that could be granted individually if desired, and
> similarly define pg_read_all_settings and pg_read_all_stats as roles
> that are strictly recognized by the code, without any grants.

I think this is very important.  We can't have roles that do both.  That
will just cause confusion.  Security confusion.

I'm confused about the definition of the pg_read_all_stats role.  It
seems to give read access to just about everything that rhymes with
"stats" as well as a random collection of other things such as table
sizes.  Except actual table statistics, which was my first guess.

Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to