Default monitoring roles

Three nologin roles with non-overlapping privs are created by default * pg_read_all_settings - read all GUCs. * pg_read_all_stats - pg_stat_*, pg_database_size(), pg_tablespace_size() * pg_stat_scan_tables - may lock/scan tables Top level role - pg_monitor includes all of the above by default, plus others Author: Dave Page Reviewed-by: Stephen Frost, Robert Haas, Peter Eisentraut, Simon Riggs
author: Simon Riggs 2017-03-30 18:18:53 +0000
committer: Simon Riggs 2017-03-30 18:18:53 +0000
commit: 25fff40798fc4ac11a241bfd9ab0c45c085e2212 (patch)
tree: 3c2e3eb741f814bba8eaa593d17811b86b8d2a00 /doc/src/sgml/pgfreespacemap.sgml
parent: e984ef5861df4bc9733b36271d05763e82de7c04 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/doc/src/sgml/pgfreespacemap.sgml b/doc/src/sgml/pgfreespacemap.sgml
index f2f99d571ef..43e154a2f3a 100644
--- a/doc/src/sgml/pgfreespacemap.sgml
+++ b/doc/src/sgml/pgfreespacemap.sgml
@@ -16,8 +16,9 @@
  </para>
 
  <para>
-  By default public access is revoked from the functions, just in case
-  there are security issues lurking.
+  By default use is restricted to superusers and members of the
+  <literal>pg_stat_scan_tables</literal> role. Access may be granted to others
+  using <command>GRANT</command>.
  </para>
 
  <sect2>
author	Simon Riggs	2017-03-30 18:18:53 +0000
committer	Simon Riggs	2017-03-30 18:18:53 +0000
commit	25fff40798fc4ac11a241bfd9ab0c45c085e2212 (patch)
tree	3c2e3eb741f814bba8eaa593d17811b86b8d2a00 /doc/src/sgml/pgfreespacemap.sgml
parent	e984ef5861df4bc9733b36271d05763e82de7c04 (diff)