From: | Michael Paquier <michael(at)paquier(dot)xyz> |
---|---|
To: | Masahiko Sawada <masahiko(dot)sawada(at)2ndquadrant(dot)com> |
Cc: | Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com>, Martín Marqués <martin(at)2ndquadrant(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Read access for pg_monitor to pg_replication_origin_status view |
Date: | 2020-06-09 07:35:55 |
Message-ID: | 20200609073555.GF38342@paquier.xyz |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Tue, Jun 09, 2020 at 03:32:24PM +0900, Masahiko Sawada wrote:
> One thing I'm concerned with this change is that we will end up
> needing to grant both execute on pg_show_replication_origin_status()
> and select on pg_replication_origin_status view when we want a
> non-super user to access pg_replication_origin_status. It’s unlikely
> that the user can grant both privileges at once as
> pg_show_replication_origin_status() is not documented.
Not sure if that's worth worrying. We have similar cases like that,
take for example pg_file_settings with pg_show_all_file_settings()
which requires both a SELECT ACL on pg_file_settings and an EXECUTE
ACL on pg_show_all_file_settings(). My point is that if you issue a
GRANT SELECT on the catalog view, the user can immediately see when
trying to query it that an extra execution is needed.
> A user having a replication privilege already is able to execute these
> functions. Do you mean to ease it so that a user also executes them
> without replication privilege?
Arf. Please forget what I wrote here, the hardcoded check for
replication rights would be a problem.
--
Michael
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Eisentraut | 2020-06-09 07:54:24 | Re: Unify drop-by-OID functions |
Previous Message | Juan José Santamaría Flecha | 2020-06-09 07:33:32 | Re: TAP tests and symlinks on Windows |