diff options
| author | Simon Riggs | 2017-03-30 18:18:53 +0000 |
|---|---|---|
| committer | Simon Riggs | 2017-03-30 18:18:53 +0000 |
| commit | 25fff40798fc4ac11a241bfd9ab0c45c085e2212 (patch) | |
| tree | 3c2e3eb741f814bba8eaa593d17811b86b8d2a00 /contrib/pgrowlocks/pgrowlocks.c | |
| parent | e984ef5861df4bc9733b36271d05763e82de7c04 (diff) | |
Default monitoring roles
Three nologin roles with non-overlapping privs are created by default
* pg_read_all_settings - read all GUCs.
* pg_read_all_stats - pg_stat_*, pg_database_size(), pg_tablespace_size()
* pg_stat_scan_tables - may lock/scan tables
Top level role - pg_monitor includes all of the above by default, plus others
Author: Dave Page
Reviewed-by: Stephen Frost, Robert Haas, Peter Eisentraut, Simon Riggs
Diffstat (limited to 'contrib/pgrowlocks/pgrowlocks.c')
| -rw-r--r-- | contrib/pgrowlocks/pgrowlocks.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/contrib/pgrowlocks/pgrowlocks.c b/contrib/pgrowlocks/pgrowlocks.c index db9e0349a03..31b8626e3a0 100644 --- a/contrib/pgrowlocks/pgrowlocks.c +++ b/contrib/pgrowlocks/pgrowlocks.c @@ -28,6 +28,7 @@ #include "access/relscan.h" #include "access/xact.h" #include "catalog/namespace.h" +#include "catalog/pg_authid.h" #include "funcapi.h" #include "miscadmin.h" #include "storage/bufmgr.h" @@ -98,9 +99,11 @@ pgrowlocks(PG_FUNCTION_ARGS) relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname)); rel = heap_openrv(relrv, AccessShareLock); - /* check permissions: must have SELECT on table */ - aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(), - ACL_SELECT); + /* check permissions: must have SELECT on table or be in pg_stat_scan_tables */ + aclresult = (pg_class_aclcheck(RelationGetRelid(rel), GetUserId(), + ACL_SELECT) || + is_member_of_role(GetUserId(), DEFAULT_ROLE_STAT_SCAN_TABLES); + if (aclresult != ACLCHECK_OK) aclcheck_error(aclresult, ACL_KIND_CLASS, RelationGetRelationName(rel)); |