Robert, * Robert Haas (robertmh...@gmail.com) wrote: > The use case I have in mind is > a monitoring tool that needs access to one more of those functions -- > in keeping with the principle of least privilege, it's much better to > give the monitoring user only the privileges which it actually needs > than to make it a superuser.
That isn't what you're doing with those functions though, you're giving the monitoring tool superuser-level rights but trying to pretend like you're not. That's not really how good security works. I am entirely in agreement with providing a way to give monitoring tools more information, but that should be done through proper design and consideration of just what info they actually need (as well as what a useful format for it is). On my plate for a long time has been to add a function to return how much WAL is remaining in pg_wal for a monitoring system to be able to report on. That could be done with something like pg_ls_dir, but that's a rather hokey way to get it, and it'd be a lot nicer to just have a function which returns it, or maybe one that returns the oldest WAL position available on the system and what the current position is, which I think we might actually have. In other words, please actually outline a use-case, and let's design a proper solution. Thanks! Stephen
signature.asc
Description: Digital signature