On Tue, Mar 15, 2022 at 7:21 AM Bharath Rupireddy <bharath.rupireddyforpostg...@gmail.com> wrote: > > On Mon, Mar 14, 2022 at 8:25 PM Stephen Frost <sfr...@snowman.net> wrote: > > > > > As this patch is currently written, pg_monitor has access these > > > functions, though I don't think that's the right privilege level at > > > least for pg_get_raw_wal_record(). > > > > Yeah, I agree that pg_monitor isn't the right thing for such a function > > to be checking. > > On Thu, Mar 10, 2022 at 1:52 PM Jeff Davis <pg...@j-davis.com> wrote: > > > > * pg_get_raw_wal_record() seems too powerful for pg_monitor. Maybe that > > function should require pg_read_server_files? Or at least > > pg_read_all_data? > > The v9 patch set posted at [1] grants execution on > pg_get_raw_wal_record() to the pg_monitor role. > > pg_read_all_data may not be the right choice, but pg_read_server_files > is as these functions do read the WAL files on the server. If okay, > I'm happy to grant execution on pg_get_raw_wal_record() to the > pg_read_server_files role. > > Thoughts? > > [1] > https://www.postgresql.org/message-id/CALj2ACVRH-z8mZLyFkpLvY4qRhxQCqU_BLkFTtwt%2BTPZNhfEVg%40mail.gmail.com
Attaching v10 patch set which allows pg_get_raw_wal_record to be executed by either superuser or users with pg_read_server_files role, no other change from v9 patch set. Please review it further. Regards, Bharath Rupireddy.
v10-0001-pg_walinspect.patch
Description: Binary data
v10-0001-pg_walinspect-tests.patch
Description: Binary data
v10-0001-pg_walinspect-docs.patch
Description: Binary data
