I'm setting up remote monitoring of postgres, but running into an uncomfortable situation with permissions. Basically it seems hard to set up a secure "read only" role, yet also allow proper monitoring.
Is there a way to grant the type of permission needed to view stats, without superuser?
Seems like you could get around most of these cases by making a function or set returning function to return the data and making it "security definer" and then grant your monitoring user access to that.