Hello, The patch attached fixes an oversight/inconsistency of disallowing the pg_monitor system role to execute pg_current_logfile([text]).
pgwatch3=# create user joe;
CREATE ROLE
pgwatch3=# set role joe;
SET
pgwatch3=> select pg_current_logfile();
ERROR: permission denied for function pg_current_logfile
pgwatch3=> reset role;
RESET
pgwatch3=# grant pg_monitor to joe;
GRANT ROLE
pgwatch3=# set role joe;
SET
pgwatch3=> select pg_current_logfile();
ERROR: permission denied for function pg_current_logfile
pgwatch3=> select * FROM pg_ls_logdir();
name | size | modification
----------------------------------+----------+------------------------
postgresql-2024-02-08_130906.log | 652 | 2024-02-08 13:10:04+01
(5 rows)
Best regards,
Pavlo Golub
0001-allow-pg_current_logfile-execution-under-pg_monitor-.patch
Description: Binary data
