8000 Default monitoring roles · postgrespro/postgres@25fff40 · GitHub
[go: up one dir, main page]
Skip to content

Commit 25fff40

Browse files
simonat2ndQuadrantsimonat2ndQuadrant
committed
Default monitoring roles
Three nologin roles with non-overlapping privs are created by default * pg_read_all_settings - read all GUCs. * pg_read_all_stats - pg_stat_*, pg_database_size(), pg_tablespace_size() * pg_stat_scan_tables - may lock/scan tables Top level role - pg_monitor includes all of the above by default, plus others Author: Dave Page Reviewed-by: Stephen Frost, Robert Haas, Peter Eisentraut, Simon Riggs
1 parent e984ef5 commit 25fff40

30 files changed

+196
-55
lines changed

contrib/pg_buffercache/Makefile

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,8 +4,9 @@ MODULE_big = pg_buffercache
44
OBJS = pg_buffercache_pages.o $(WIN32RES)
55

66
EXTENSION = pg_buffercache
7-
DATA = pg_buffercache--1.2.sql pg_buffercache--1.1--1.2.sql \
8-
pg_buffercache--1.0--1.1.sql pg_buffercache--unpackaged--1.0.sql
7+
DATA = pg_buffercache--1.2.sql pg_buffercache--1.2--1.3.sql \
8+
pg_buffercache--1.1--1.2.sql pg_buffercache--1.0--1.1.sql \
9+
pg_buffercache--unpackaged--1.0.sql
910
PGFILEDESC = "pg_buffercache - monitoring of shared buffer cache in real-time"
1011

1112
ifdef USE_PGXS

contrib/pg_buffercache/pg_buffercache--1.2--1.3.sql

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
/* contrib/pg_buffercache/pg_buffercache--1.2--1.3.sql */
2+
3+
-- complain if script is sourced in psql, rather than via ALTER EXTENSION
4+
\echo Use "ALTER EXTENSION pg_buffercache UPDATE TO '1.3'" to load this file. \quit
5+
6+
GRANT EXECUTE ON FUNCTION pg_buffercache_pages() TO pg_monitor;
7+
GRANT SELECT ON pg_buffercache TO pg_monitor;

contrib/pg_buffercache/pg_buffercache.control

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
# pg_buffercache extension
22
comment = 'examine the shared buffer cache'
3-
default_version = '1.2'
3+
default_version = '1.3'
44
module_pathname = '$libdir/pg_buffercache'
55
relocatable = true

contrib/pg_freespacemap/Makefile

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,8 +4,8 @@ MODULE_big = pg_freespacemap
44
OBJS = pg_freespacemap.o $(WIN32RES)
55

66
EXTENSION = pg_freespacemap
7-
DATA = pg_freespacemap--1.1.sql pg_freespacemap--1.0--1.1.sql \
8-
pg_freespacemap--unpackaged--1.0.sql
7+
DATA = pg_freespacemap--1.1.sql pg_freespacemap--1.1--1.2.sql \
8+
pg_freespacemap--1.0--1.1.sql pg_freespacemap--unpackaged--1.0.sql
99
PGFILEDESC = "pg_freespacemap - monitoring of free space map"
1010

1111
ifdef USE_PGXS

contrib/pg_freespacemap/pg_freespacemap--1.1--1.2.sql

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
/* contrib/pg_freespacemap/pg_freespacemap--1.1--1.2.sql */
2+
3+
-- complain if script is sourced in psql, rather than via ALTER EXTENSION
4+
\echo Use "ALTER EXTENSION pg_freespacemap UPDATE TO '1.2'" to load this file. \quit
5+
6+
GRANT EXECUTE ON FUNCTION pg_freespace(regclass, bigint) TO pg_stat_scan_tables;
7+
GRANT EXECUTE ON FUNCTION pg_freespace(regclass) TO pg_stat_scan_tables;

contrib/pg_freespacemap/pg_freespacemap.control

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
# pg_freespacemap extension
22
comment = 'examine the free space map (FSM)'
3-
default_version = '1.1'
3+
default_version = '1.2'
44
module_pathname = '$libdir/pg_freespacemap'
55
relocatable = true

contrib/pg_stat_statements/Makefile

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,9 +4,10 @@ MODULE_big = pg_stat_statements
44
OBJS = pg_stat_statements.o $(WIN32RES)
55

66
EXTENSION = pg_stat_statements
7-
DATA = pg_stat_statements--1.4.sql pg_stat_statements--1.3--1.4.sql \
8-
pg_stat_statements--1.2--1.3.sql pg_stat_statements--1.1--1.2.sql \
9-
pg_stat_statements--1.0--1.1.sql pg_stat_statements--unpackaged--1.0.sql
7+
DATA = pg_stat_statements--1.4.sql pg_stat_statements--1.4--1.5.sql \
8+
pg_stat_statements--1.3--1.4.sql pg_stat_statements--1.2--1.3.sql \
9+
pg_stat_statements--1.1--1.2.sql pg_stat_statements--1.0--1.1.sql \
10+
pg_stat_statements--unpackaged--1.0.sql
1011
PGFILEDESC = "pg_stat_statements - execution statistics of SQL statements"
1112

1213
LDFLAGS_SL += $(filter -lm, $(LIBS))

contrib/pg_stat_statements/pg_stat_statements--1.4--1.5.sql

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
/* contrib/pg_stat_statements/pg_stat_statements--1.4--1.5.sql */
2+
3+
-- complain if script is sourced in psql, rather than via ALTER EXTENSION
4+
\echo Use "ALTER EXTENSION pg_stat_statements UPDATE TO '1.5'" to load this file. \quit
5+
6+
GRANT EXECUTE ON FUNCTION pg_stat_statements_reset() TO pg_read_all_stats;

contrib/pg_stat_statements/pg_stat_statements.c

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -62,6 +62,7 @@
6262
#include <unistd.h>
6363

6464
#include "access/hash.h"
65+
#include "catalog/pg_authid.h"
6566
#include "executor/instrument.h"
6667
#include "funcapi.h"
6768
#include "mb/pg_wchar.h"
@@ -1391,14 +1392,17 @@ pg_stat_statements_internal(FunctionCallInfo fcinfo,
13911392
MemoryContext per_query_ctx;
13921393
MemoryContext oldcontext;
13931394
Oid userid = GetUserId();
1394-
bool is_superuser = superuser();
1395+
bool is_allowed_role = false;
13951396
char *qbuffer = NULL;
13961397
Size qbuffer_size = 0;
13971398
Size extent = 0;
13981399
int gc_count = 0;
13991400
HASH_SEQ_STATUS hash_seq;
14001401
pgssEntry *entry;
14011402

1403+
/* Superusers or members of pg_read_all_stats members are allowed */
1404+
is_allowed_role = is_member_of_role(GetUserId(), DEFAULT_ROLE_READ_ALL_STATS);
1405+
14021406
/* hash table must exist already */
14031407
if (!pgss || !pgss_hash)
14041408
ereport(ERROR,
@@ -1541,7 +1545,7 @@ pg_stat_statements_internal(FunctionCallInfo fcinfo,
15411545
values[i++] = ObjectIdGetDatum(entry->key.userid);
15421546
values[i++] = ObjectIdGetDatum(entry->key.dbid);
15431547

1544-
if (is_superuser || entry->key.userid == userid)
1548+
if (is_allowed_role || entry->key.userid == userid)
15451549
{
15461550
if (api_version >= PGSS_V1_2)
15471551
values[i++] = Int64GetDatumFast(queryid);

contrib/pg_stat_statements/pg_stat_statements.control

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
# pg_stat_statements extension
22
comment = 'track execution statistics of all SQL statements executed'
3-
default_version = '1.4'
3+
default_version = '1.5'
44
module_pathname = '$libdir/pg_stat_statements'
55
relocatable = true

0 commit comments

Comments
 (0)
0