From: | Tony Wasson <ajwasson(at)gmail(dot)com> |
---|---|
To: | Bryce Nesbitt <bryce2(at)obviously(dot)com> |
Cc: | pgsql-sql(at)postgresql(dot)org |
Subject: | Re: Remote monitoring of Postgres w/minimal grants |
Date: | 2010-03-11 22:20:54 |
Message-ID: | 6d8daee31003111420t6c658c9i593301f33725565a@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-sql |
On Wed, Mar 10, 2010 at 12:26 AM, Bryce Nesbitt <bryce2(at)obviously(dot)com>wrote:
> I'm setting up remote monitoring of postgres, but running into an
> uncomfortable situation with permissions.
> Basically it seems hard to set up a secure "read only" role, yet also allow
> proper monitoring.
>
> A brief writeup of that is here:
>
> http://help.logicmonitor.com/installation-getting-started/notes-for-monitoring-specific-types-of-hosts/databases/postgresql/postgresql-credentials/
> In order to get accurate server busy stats and max query time, the
> LogicMonitor user needs to be a superuser "alter role logicmonitor
> superuser;". Without the SuperUser privilege, all servers will appear busy,
> and maximum query time will always be 0.
>
> Is there a way to grant the type of permission needed to view stats,
> without superuser?
>
Seems like you could get around most of these cases by making a function or
set returning function to return the data and making it "security definer"
and then grant your monitoring user access to that.
Tony
From | Date | Subject | |
---|---|---|---|
Next Message | Jaime Casanova | 2010-03-12 06:56:24 | Re: Trigger on select :-( |
Previous Message | Ben Morrow | 2010-03-11 18:00:02 | Re: Help : insert a bytea data into new table |