Diffstat (limited to 'doc/src')
-rw-r--r-- doc/src/sgml/catalogs.sgml | 8
-rw-r--r-- doc/src/sgml/func.sgml | 23
-rw-r--r-- doc/src/sgml/pgbuffercache.sgml | 5
-rw-r--r-- doc/src/sgml/pgfreespacemap.sgml | 5
-rw-r--r-- doc/src/sgml/pgrowlocks.sgml | 7
-rw-r--r-- doc/src/sgml/pgstatstatements.sgml | 9
-rw-r--r-- doc/src/sgml/pgstattuple.sgml | 3
-rw-r--r-- doc/src/sgml/pgvisibility.sgml | 5
-rw-r--r-- doc/src/sgml/user-manag.sgml | 36
9 files changed, 79 insertions, 22 deletions
diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml
index ac39c639edc..65ba919e7b8 100644
--- a/doc/src/sgml/catalogs.sgml
+++ b/doc/src/sgml/catalogs.sgml
@@ -10221,15 +10221,17 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx
<entry><type>text</type></entry>
<entry>Configuration file the current value was set in (null for
values set from sources other than configuration files, or when
- examined by a non-superuser);
- helpful when using <literal>include</> directives in configuration files</entry>
+ examined by a user who is neither a superuser or a member of
+ <literal>pg_read_all_settings</literal>); helpful when using
+ <literal>include</> directives in configuration files</entry>
</row>
<row>
<entry><structfield>sourceline</structfield></entry>
<entry><type>integer</type></entry>
<entry>Line number within the configuration file the current value was
set at (null for values set from sources other than configuration files,
- or when examined by a non-superuser)
+ or when examined by a user who is neither a superuser or a member of
+ <literal>pg_read_all_settings</literal>).
</entry>
</row>
<row>
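Review bot: Both added passages in this hunk read "neither a superuser or a member of"; "neither" pairs with "nor", so each should be "neither a superuser nor a member of <literal>pg_read_all_settings</literal>". The sourceline entry also gains a closing period after the parenthesis while the entry above it ends without one; use the same punctuation in both.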
diff --git a/doc/src/sgml/func.sgml b/doc/src/sgml/func.sgml
index 78508d74ece..076be587eac 100644
--- a/doc/src/sgml/func.sgml
+++ b/doc/src/sgml/func.sgml
@@ -19408,9 +19408,11 @@ postgres=# SELECT * FROM pg_walfile_name_offset(pg_stop_backup());
accept the OID or name of a database or tablespace, and return the total
disk space used therein. To use <function>pg_database_size</function>,
you must have <literal>CONNECT</> permission on the specified database
- (which is granted by default). To use <function>pg_tablespace_size</>,
- you must have <literal>CREATE</> permission on the specified tablespace,
- unless it is the default tablespace for the current database.
+ (which is granted by default), or be a member of the <literal>pg_read_all_stats</>
+ role. To use <function>pg_tablespace_size</>, you must have
+ <literal>CREATE</> permission on the specified tablespace, or be a member
+ of the <literal>pg_read_all_stats</> role unless it is the default tablespace for
+ the current database.
</para>
<para>
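Review bot: The rewritten pg_tablespace_size sentence is ambiguous. In "or be a member of the pg_read_all_stats role unless it is the default tablespace" there is no comma before "unless", so the exception reads as if it applied only to role membership rather than to the whole requirement. Suggest leading with the exception: "Unless it is the default tablespace for the current database, you must have CREATE permission on the specified tablespace or be a member of the pg_read_all_stats role."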
@@ -19736,7 +19738,8 @@ postgres=# SELECT * FROM pg_walfile_name_offset(pg_stop_backup());
<entry><type>setof record</type></entry>
<entry>
List the name, size, and last modification time of files in the log
- directory. Access may be granted to non-superuser roles.
+ directory. Access is granted to members of the <literal>pg_monitor</>
+ role and may be granted to other non-superuser roles.
</entry>
</row>
<row>
@@ -19746,7 +19749,8 @@ postgres=# SELECT * FROM pg_walfile_name_offset(pg_stop_backup());
<entry><type>setof record</type></entry>
<entry>
List the name, size, and last modification time of files in the WAL
- directory. Access may be granted to non-superuser roles.
+ directory. Access is granted to members of the <literal>pg_monitor</>
+ role and may be granted to other non-superuser roles.
</entry>
</row>
<row>
@@ -19807,8 +19811,8 @@ postgres=# SELECT * FROM pg_walfile_name_offset(pg_stop_backup());
<para>
<function>pg_ls_logdir</> returns the name, size, and last modified time
(mtime) of each file in the log directory. By default, only superusers
- can use this function, but access may be granted to others using
- <command>GRANT</command>.
+ and members of the <literal>pg_monitor</> role can use this function.
+ Access may be granted to others using <command>GRANT</command>.
</para>
<indexterm>
@@ -19817,8 +19821,9 @@ postgres=# SELECT * FROM pg_walfile_name_offset(pg_stop_backup());
<para>
<function>pg_ls_waldir</> returns the name, size, and last modified time
(mtime) of each file in the write ahead log (WAL) directory. By
- default only superusers can use this function, but access may be granted
- to others using <command>GRANT</command>.
+ default only superusers and members of the <literal>pg_monitor</> role
+ can use this function. Access may be granted to others using
+ <command>GRANT</command>.
</para>
<indexterm>
diff --git a/doc/src/sgml/pgbuffercache.sgml b/doc/src/sgml/pgbuffercache.sgml
index b261a4dbe0a..4e53009ae07 100644
--- a/doc/src/sgml/pgbuffercache.sgml
+++ b/doc/src/sgml/pgbuffercache.sgml
@@ -24,8 +24,9 @@
</para>
<para>
- By default public access is revoked from both of these, just in case there
- are security issues lurking.
+ By default use is restricted to superusers and members of the
+ <literal>pg_read_all_stats</literal> role. Access may be granted to others
+ using <command>GRANT</command>.
</para>
<sect2>
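Review bot: The replacement sentence "By default use is restricted to superusers and members of the pg_read_all_stats role" no longer says what is restricted, whereas the removed text referred to "both of these". Name the objects again (for example "use of both is restricted") so the reader knows the restriction covers each of them, and add a comma after "By default".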
diff --git a/doc/src/sgml/pgfreespacemap.sgml b/doc/src/sgml/pgfreespacemap.sgml
index f2f99d571ef..43e154a2f3a 100644
--- a/doc/src/sgml/pgfreespacemap.sgml
+++ b/doc/src/sgml/pgfreespacemap.sgml
@@ -16,8 +16,9 @@
</para>
<para>
- By default public access is revoked from the functions, just in case
- there are security issues lurking.
+ By default use is restricted to superusers and members of the
+ <literal>pg_stat_scan_tables</literal> role. Access may be granted to others
+ using <command>GRANT</command>.
</para>
<sect2>
diff --git a/doc/src/sgml/pgrowlocks.sgml b/doc/src/sgml/pgrowlocks.sgml
index d73511579c4..65d532e0810 100644
--- a/doc/src/sgml/pgrowlocks.sgml
+++ b/doc/src/sgml/pgrowlocks.sgml
@@ -12,6 +12,13 @@
locking information for a specified table.
</para>
+ <para>
+ By default use is restricted to superusers, members of the
+ <literal>pg_stat_scan_tables</literal> role, and users with
+ <literal>SELECT</literal> permissions on the table.
+ </para>
+
+
<sect2>
<title>Overview</title>
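Review bot: The added paragraph is followed by two empty "+" lines before <sect2>; one blank line is enough. Unlike the paragraphs this patch adds to pgbuffercache.sgml and pgfreespacemap.sgml, this one does not say whether access may be granted to others using GRANT; either add that sentence or make clear that access here follows SELECT permission on the table.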
diff --git a/doc/src/sgml/pgstatstatements.sgml b/doc/src/sgml/pgstatstatements.sgml
index 082994cae00..2d55d3bdad4 100644
--- a/doc/src/sgml/pgstatstatements.sgml
+++ b/doc/src/sgml/pgstatstatements.sgml
@@ -226,10 +226,11 @@
</table>
<para>
- For security reasons, non-superusers are not allowed to see the SQL
- text or <structfield>queryid</structfield> of queries executed by other users.
- They can see the statistics, however, if the view has been installed in their
- database.
+ For security reasons, only superusers and members of the
+ <literal>pg_read_all_stats<literal> role are allowed to see the SQL text and
+ <structfield>queryid</structfield> of queries executed by other users.
+ Other users can see the statistics, however, if the view has been installed
+ in their database.
</para>
<para>
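Review bot: The added line "<literal>pg_read_all_stats<literal> role are allowed to see the SQL text and" opens a second <literal> instead of closing the first, which leaves the element unterminated; it should be "<literal>pg_read_all_stats</literal>". The wording also changes from "SQL text or queryid" to "SQL text and queryid"; confirm that is intended.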
diff --git a/doc/src/sgml/pgstattuple.sgml b/doc/src/sgml/pgstattuple.sgml
index 62b1a6f4794..141d8e225fb 100644
--- a/doc/src/sgml/pgstattuple.sgml
+++ b/doc/src/sgml/pgstattuple.sgml
@@ -16,7 +16,8 @@
As these functions return detailed page-level information, only the superuser
has EXECUTE privileges on them upon installation. After the functions have
been installed, users may issue <command>GRANT</command> commands to change
- the privileges on the functions to allow non-superusers to execute them. See
+ the privileges on the functions to allow non-superusers to execute them. Members
+ of the <literal>pg_stat_scan_tables</literal> role are granted access by default. See
the description of the <xref linkend="sql-grant"> command for specifics.
</para>
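Review bot: The new sentence "Members of the pg_stat_scan_tables role are granted access by default" contradicts the unchanged opening of the paragraph, which still says "only the superuser has EXECUTE privileges on them upon installation". Update that opening sentence to name both, and place the new sentence before the one about issuing GRANT so that "See the description of the ... command for specifics" still follows the GRANT sentence it refers to.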
diff --git a/doc/src/sgml/pgvisibility.sgml b/doc/src/sgml/pgvisibility.sgml
index fd486696fc1..d466a3bce86 100644
--- a/doc/src/sgml/pgvisibility.sgml
+++ b/doc/src/sgml/pgvisibility.sgml
@@ -140,7 +140,10 @@
</variablelist>
<para>
- By default, these functions are executable only by superusers.
+ By default, these functions are executable only by superusers and members of the
+ <literal>pg_stat_scan_tables</literal> role, with the exception of
+ <function>pg_truncate_visibility_map(relation regclass)</function> which can only
+ be executed by superusers.
</para>
</sect2>
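Review bot: In the added sentence, "pg_truncate_visibility_map(relation regclass) which can only be executed by superusers" needs a comma before "which", since the clause is non-restrictive. It would also help to say that this exception holds for members of pg_stat_scan_tables too, so a reader does not assume the role covers every function in the module.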
diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml
index 7eaefe58c2f..914f1505abd 100644
--- a/doc/src/sgml/user-manag.sgml
+++ b/doc/src/sgml/user-manag.sgml
@@ -516,14 +516,50 @@ DROP ROLE doomed_role;
</thead>
<tbody>
<row>
+ <entry>pg_read_all_settings</entry>
+ <entry>Read all configuration variables, even those normally visible only to
+ superusers.</entry>
+ </row>
+ <row>
+ <entry>pg_read_all_stats</entry>
+ <entry>Read all pg_stat_* views and use various statistics related extensions,
+ even those normally visible only to superusers.</entry>
+ </row>
+ <row>
+ <entry>pg_stat_scan_tables</entry>
+ <entry>Execute monitoring functions that may take AccessShareLocks on tables,
+ potentially for a long time.</entry>
+ </row>
+ <row>
<entry>pg_signal_backend</entry>
<entry>Send signals to other backends (eg: cancel query, terminate).</entry>
</row>
+ <row>
+ <entry>pg_monitor</entry>
+ <entry>Read/execute various monitoring views and functions.
+ This role is a member of <literal>pg_read_all_settings</literal>,
+ <literal>pg_read_all_stats</literal> and
+ <literal>pg_stat_scan_tables</literal>.</entry>
+ </row>
</tbody>
</tgroup>
</table>
<para>
+ The <literal>pg_monitor</literal>, <literal>pg_read_all_settings</literal>,
+ <literal>pg_read_all_stats</literal> and <literal>pg_stat_scan_tables</literal>
+ roles are intended to allow administrators to easily configure a role for the
+ purpose of monitoring the database server. They grant a set of common privileges
+ allowing the role to read various useful configuration settings, statistics and
+ other system information normally restricted to superusers.
+ </para>
+
+ <para>
+ Care should be taken when granting these roles to ensure they are only used where
+ needed to perform the desired monitoring.
+ </para>
+
+ <para>
Administrators can grant access to these roles to users using the GRANT
command:
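Review bot: The added caution paragraph ("Care should be taken when granting these roles ...") does not say what a grant exposes. Other parts of this patch give concrete cases that could be named here: pg_read_all_stats lets a member see the SQL text of other users' queries in pg_stat_statements, and pg_stat_scan_tables covers functions that may hold AccessShareLocks on tables for a long time. In the table, the pg_monitor row is added after pg_signal_backend, away from the three roles it is a member of; placing it next to them would read better, and "statistics related extensions" should be hyphenated.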