At Mon, 8 Jun 2020 16:21:45 +0900, Masahiko Sawada <masahiko.saw...@2ndquadrant.com> wrote in
> I've looked at these patches and have one question:
>
> REVOKE ALL ON pg_replication_origin_status FROM public;
>
> +GRANT SELECT ON pg_replication_origin_status TO pg_read_all_stats;
>
> +REVOKE EXECUTE ON FUNCTION pg_show_replication_origin_status() FROM public;
> +
> +GRANT EXECUTE ON FUNCTION pg_show_replication_origin_status() TO
> pg_read_all_stats;
>
> I thought that this patch has the pg_replication_origin_status view behave
> like other pg_stat_* views in terms of privileges but it's slightly
> different. For instance, since we grant all privileges on
> pg_stat_replication to public by default, only a user who either is
> a member of pg_read_all_stats or is superuser can see all values, but
> other users not having such privileges can also access that view and
> see part of the statistics. On the other hand, with this patch, we
> allow only a user who either is a member of pg_read_all_stats or is
> superuser to access the pg_replication_origin_status view. Other users
> cannot even access that view. Is there any reason why we grant
> select privilege to only pg_read_all_stats? I wonder if we can have
> pg_replication_origin_status accessible by public and filter some
> column data in pg_show_replication_origin_status() that we don't want
> to show to users who are neither a member of pg_read_all_stats nor
> superuser.

Yeah, I agree with this (and wrote something like that before). On the
other hand Martín seems to just want to allow other users to see it
while preserving the current behavior. I also understand that thought.

> There is a typo in 0001 patch:
>
> +--
> +-- Permision to execute Replication Origin functions should be
> revoked from public
> +--
>
> s/Permision/Permission/

Mmm. Right.

regards.

-- 
Kyotaro Horiguchi
NTT Open Source Software Center
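
Review bot: In the quoted GRANT/REVOKE hunk on pg_replication_origin_status, none of the added lines carries a comment saying why SELECT on the view and EXECUTE on pg_show_replication_origin_status() go to pg_read_all_stats only, rather than staying with public as the thread notes pg_stat_replication does. A short SQL comment above the group stating the intended policy would answer that for later readers. The view grant and the function grant are also separate statements that have to stay in step, so a regression test that a role outside pg_read_all_stats is refused on both would be worth adding.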
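
The two privilege models compared in the quoted question, as an added SQL example that is not part of the patch or of either message. All `demo_` tables, views and roles are constructed, the columns chosen for hiding are an assumption (the thread does not name them), and the filtering is done here in the view with `pg_has_role()` rather than inside `pg_show_replication_origin_status()` as the message proposes.

```sql
BEGIN;  -- everything below is rolled back at the end

-- Constructed stand-in for the origin status data (not a catalog object).
CREATE TABLE demo_origin_status (
    local_id    integer,
    external_id text,
    remote_lsn  pg_lsn,
    local_lsn   pg_lsn
);
INSERT INTO demo_origin_status VALUES (1, 'demo_node', '0/16B3748', '0/16B3800');

-- Model A: role-gated, mirroring the statements in the quoted hunk.
-- A role outside pg_read_all_stats has no access to the view at all.
CREATE VIEW demo_status_gated AS SELECT * FROM demo_origin_status;
REVOKE ALL ON demo_status_gated FROM public;
GRANT SELECT ON demo_status_gated TO pg_read_all_stats;

-- Model B: readable by public, in the style described for pg_stat_replication.
-- current_user is evaluated for the caller, so the hidden columns (assumed
-- here to be the LSNs) come back NULL unless the caller is a member of
-- pg_read_all_stats or a superuser.
CREATE VIEW demo_status_filtered AS
SELECT local_id,
       external_id,
       CASE WHEN pg_has_role(current_user, 'pg_read_all_stats', 'MEMBER')
            THEN remote_lsn END AS remote_lsn,
       CASE WHEN pg_has_role(current_user, 'pg_read_all_stats', 'MEMBER')
            THEN local_lsn END AS local_lsn
FROM demo_origin_status;
GRANT SELECT ON demo_status_filtered TO public;

-- Audit both models for a role with no special membership.
CREATE ROLE demo_unprivileged;
SELECT has_table_privilege('demo_unprivileged', 'demo_status_gated', 'SELECT')
           AS can_read_gated,
       has_table_privilege('demo_unprivileged', 'demo_status_filtered', 'SELECT')
           AS can_read_filtered;

-- Read the filtered view as that role, then as the original session user.
SET ROLE demo_unprivileged;
SELECT * FROM demo_status_filtered;
RESET ROLE;
SELECT * FROM demo_status_filtered;

ROLLBACK;
```

Run it as a superuser on a scratch database, since it creates a role and grants to `pg_read_all_stats`.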