Fair enough but they should be able to achieve their goal to avoid granting SUPER to monitoring user. They have to tweak the grant/revoke as desired.
On Wed, Apr 1, 2015 at 11:53 AM, Stephen Frost <sfrost@snowman.net> wrote:
* Denish Patel (denish@omniti.com) wrote: > you should be able to use secure_check_postgres method to avoid granting > SUPER permission on monitoring user. [...]
Denish,
Please see my reply to Payal. This doesn't work. At the very least, the permissions on the pg_stat_repl() function need to be adjusted to be only GRANT'd to the monitoring user, otherwise the information is available to everyone. If that's the intent, then the view might as well be granted to PUBLIC.
Recall that, by defualt, EXECUTE on a function is granted to PUBLIC.