public inbox for [email protected]
* pg_monitor role description
From: PG Doc comments form @ 2021-05-20 06:11 UTC
To: [email protected]; +Cc: [email protected]
The following documentation comment has been logged on the website:
Page: https://www.postgresql.org/docs/13/default-roles.html
Description:
"This role is a member of pg_read_all_settings, pg_read_all_stats and
pg_stat_scan_tables."
Is it a correct sentence?
It seems to me that pg_read_all_stats is a member of pg_monitor, but not
vice versa.

* Re: pg_monitor role description
From: Michael Paquier @ 2021-05-20 07:00 UTC
To: [email protected]; [email protected]
On Thu, May 20, 2021 at 06:11:40AM +0000, PG Doc comments form wrote:
> "This role is a member of pg_read_all_settings, pg_read_all_stats and
> pg_stat_scan_tables."
> Is it a correct sentence?
> It seems to me that pg_read_all_stats is a member of pg_monitor, but not
> vice versa.
Here is what I am getting:

=# \dgS pg_monitor
                                    List of roles
 Role name  |  Attributes  |                          Member of
------------+--------------+--------------------------------------------------------------
 pg_monitor | Cannot login | {pg_read_all_settings,pg_read_all_stats,pg_stat_scan_tables}

=# \dgS pg_read_all_data
                 List of roles
    Role name     |  Attributes  | Member of
------------------+--------------+-----------
 pg_read_all_data | Cannot login | {}

So the docs look correct to me.
--
Michael

* Re: pg_monitor role description
From: Julien Rouhaud @ 2021-05-20 08:54 UTC
To: Michael Paquier <[email protected]>; +Cc: [email protected]; [email protected]
On Thu, May 20, 2021 at 3:01 PM Michael Paquier <[email protected]> wrote:
>
> On Thu, May 20, 2021 at 06:11:40AM +0000, PG Doc comments form wrote:
> > "This role is a member of pg_read_all_settings, pg_read_all_stats and
> > pg_stat_scan_tables."
> > Is it a correct sentence?
> > It seems to me that pg_read_all_stats is a member of pg_monitor, but not
> > vice versa.
>
> Here is what I am getting:
>
> =# \dgS pg_monitor
>                                     List of roles
>  Role name  |  Attributes  |                          Member of
> ------------+--------------+--------------------------------------------------------------
>  pg_monitor | Cannot login | {pg_read_all_settings,pg_read_all_stats,pg_stat_scan_tables}
>
> =# \dgS pg_read_all_data
>                  List of roles
>     Role name     |  Attributes  | Member of
> ------------------+--------------+-----------
>  pg_read_all_data | Cannot login | {}
>
> So the docs look correct to me.
Indeed. In other words pg_monitor is the sum of the authorizations
given by all those roles.

* Re: pg_monitor role description
From: Pavel Luzanov @ 2021-05-20 12:44 UTC
To: Julien Rouhaud <[email protected]>; Michael Paquier <[email protected]>; +Cc: [email protected]; [email protected]
On 20.05.2021 11:54, Julien Rouhaud wrote:
> On Thu, May 20, 2021 at 3:01 PM Michael Paquier <[email protected]> wrote:
>> On Thu, May 20, 2021 at 06:11:40AM +0000, PG Doc comments form wrote:
>>> "This role is a member of pg_read_all_settings, pg_read_all_stats and
>>> pg_stat_scan_tables."
>>> Is it a correct sentence?
>>> It seems to me that pg_read_all_stats is a member of pg_monitor, but not
>>> vice versa.
>> Here is what I am getting:
>>
>> =# \dgS pg_monitor
>>                                     List of roles
>>  Role name  |  Attributes  |                          Member of
>> ------------+--------------+--------------------------------------------------------------
>>  pg_monitor | Cannot login | {pg_read_all_settings,pg_read_all_stats,pg_stat_scan_tables}
>>
>> =# \dgS pg_read_all_data
>>                  List of roles
>>     Role name     |  Attributes  | Member of
>> ------------------+--------------+-----------
>>  pg_read_all_data | Cannot login | {}
>>
>> So the docs look correct to me.
> Indeed. In other words pg_monitor is the sum of the authorizations
> given by all those roles.
Let me try one more time.
What is correct from the English language point of view:
1. Julien Rouhaud is a member of PostgreSQL Community.
or
2. PostgreSQL Community is a member of Julien Rouhaud, Michael Paquier.
Or both forms are correct?
I think that 1 is correct. And column header in a \du output must be something like 'members' instead of 'member of'.
--
Pavel Luzanov
Postgres Professional: https://postgrespro.com
The Russian Postgres Company

* Re: pg_monitor role description
From: Tom Lane @ 2021-05-20 16:03 UTC
To: Pavel Luzanov <[email protected]>; +Cc: Julien Rouhaud <[email protected]>; Michael Paquier <[email protected]>; [email protected]; [email protected]
Pavel Luzanov <[email protected]> writes:
> Let me try one more time.
> What is correct from the English language point of view:
> 1. Julien Rouhaud is a member of PostgreSQL Community.
> or
> 2. PostgreSQL Community is a member of Julien Rouhaud, Michael Paquier.
> Or both forms are correct?
> I think that 1 is correct.
You're right about that ...
> And column header in a \du output must be something like 'members' instead of 'member of'.
... but this does not follow, because it's a poor analogy. "Member of"
means "these role(s) have been GRANT'ed to pg_monitor".
As a more typical use-case, there might be a role "sysadmins" that holds
assorted privileges, and then certain individual users are granted that
role. Nobody would quibble with seeing

             List of roles
 Role name |  Attributes  |  Member of
-----------+--------------+-------------
 bob       |              | {sysadmins}
 joe       |              | {sysadmins}
 sysadmins | Cannot login | {}

and I think most would agree that titling the column "Members" would
be backwards.
regards, tom lane

* Re: pg_monitor role description
From: Laurenz Albe @ 2021-05-20 16:16 UTC
To: Tom Lane <[email protected]>; Pavel Luzanov <[email protected]>; +Cc: Julien Rouhaud <[email protected]>; Michael Paquier <[email protected]>; [email protected]; [email protected]
On Thu, 2021-05-20 at 12:03 -0400, Tom Lane wrote:
>              List of roles
>  Role name |  Attributes  |  Member of
> -----------+--------------+-------------
>  bob       |              | {sysadmins}
>  joe       |              | {sysadmins}
>  sysadmins | Cannot login | {}
>
> and I think most would agree that titling the column "Members" would
> be backwards.
Right. You have to read that like:
Role name (bob) with attributes () is a member of (sysadmins).
Yours,
Laurenz Albe

* Re: pg_monitor role description
From: Pavel Luzanov @ 2021-05-20 17:27 UTC
To: [email protected]
Hello,
On 20.05.2021 19:03, Tom Lane wrote:
> Pavel Luzanov <[email protected]> writes:
>> Let me try one more time.
>> What is correct from the English language point of view:
>> 1. Julien Rouhaud is a member of PostgreSQL Community.
>> or
>> 2. PostgreSQL Community is a member of Julien Rouhaud, Michael Paquier.
>> Or both forms are correct?
>> I think that 1 is correct.
> You're right about that ...
So, is it correct to change the description of the pg_monitor role from:
"Read/execute various monitoring views and functions. This role is a member of pg_read_all_settings, pg_read_all_stats and pg_stat_scan_tables."
to
"Read/execute various monitoring views and functions. The roles pg_read_all_settings, pg_read_all_stats and pg_stat_scan_tables are members of this role."
I can prepare a simple patch.
>> And column header in a \du output must be something like 'members' instead of 'member of'.
> ... but this does not follow, because it's a poor analogy. "Member of"
> means "these role(s) have been GRANT'ed to pg_monitor".
Yes, I understood this point and agree.
--
Pavel Luzanov
Postgres Professional: https://postgrespro.com
The Russian Postgres Company

* Re: pg_monitor role description
From: Pavel Luzanov @ 2021-05-20 18:00 UTC
To: [email protected]
Hello,
On 20.05.2021 20:27, Pavel Luzanov wrote:
> So, is it correct to change the description of the pg_monitor role from:
> "Read/execute various monitoring views and functions. This role is a member of pg_read_all_settings, pg_read_all_stats and pg_stat_scan_tables."
> to
> "Read/execute various monitoring views and functions. The roles pg_read_all_settings, pg_read_all_stats and pg_stat_scan_tables are members of this role."
>
> I can prepare a simple patch.
Just in case, patch attached.
--
Pavel Luzanov
Postgres Professional: https://postgrespro.com
The Russian Postgres Company
Attachment: doc-pg_monitor.patch (text/x-patch, 773B), inline diff:
diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml
index fe0bdb7599..00338bbebd 100644
--- a/doc/src/sgml/user-manag.sgml
+++ b/doc/src/sgml/user-manag.sgml
@@ -554,9 +554,9 @@ DROP ROLE doomed_role;
<row>
<entry>pg_monitor</entry>
<entry>Read/execute various monitoring views and functions.
- This role is a member of <literal>pg_read_all_settings</literal>,
- <literal>pg_read_all_stats</literal> and
- <literal>pg_stat_scan_tables</literal>.</entry>
+ The roles <literal>pg_read_all_settings</literal>,
+ <literal>pg_read_all_stats</literal> and <literal>pg_stat_scan_tables</literal>
+ are members of this role.</entry>
</row>
<row>
<entry>pg_database_owner</entry>
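Review bot: the replacement sentence on the three "+" lines reverses the membership direction instead of only rewording it. The removed text says pg_monitor is a member of pg_read_all_settings, pg_read_all_stats and pg_stat_scan_tables, while "The roles ... are members of this role" says those three roles are members of pg_monitor, which reads as pg_monitor having been granted to them. If the goal is readability, keep "This role is a member of ..." and add what the membership gives, for example "and therefore has the privileges of those roles". The second "+" line is also longer than the surrounding lines and should be wrapped the way the removed lines were.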

* Re: pg_monitor role description
From: Tom Lane @ 2021-05-20 18:10 UTC
To: Pavel Luzanov <[email protected]>; +Cc: [email protected]
Pavel Luzanov <[email protected]> writes:
> So, is it correct to change the description of the pg_monitor role from:
> "Read/execute various monitoring views and functions. This role is a member of pg_read_all_settings, pg_read_all_stats and pg_stat_scan_tables."
> to
> "Read/execute various monitoring views and functions. The roles pg_read_all_settings, pg_read_all_stats and pg_stat_scan_tables are members of this role."
No, it is not. That wording implies that the built-in grants are like

    GRANT pg_monitor TO pg_read_all_settings

and so on, where the truth is the opposite.
regards, tom lane

* Re: pg_monitor role description
From: Pavel Luzanov @ 2021-05-20 18:25 UTC
To: Tom Lane <[email protected]>; +Cc: [email protected]
On 20.05.2021 21:10, Tom Lane wrote:
> Pavel Luzanov <[email protected]> writes:
>> So, is it correct to change the description of the pg_monitor role from:
>> "Read/execute various monitoring views and functions. This role is a member of pg_read_all_settings, pg_read_all_stats and pg_stat_scan_tables."
>> to
>> "Read/execute various monitoring views and functions. The roles pg_read_all_settings, pg_read_all_stats and pg_stat_scan_tables are members of this role."
> No, it is not. That wording implies that the built-in grants are like
>
> GRANT pg_monitor TO pg_read_all_settings
>
> and so on, where the truth is the opposite.
I'm totally confused. I'm taking a timeout to think about it.
--
Pavel Luzanov
Postgres Professional: https://postgrespro.com
The Russian Postgres Company

* Re: pg_monitor role description
From: Pavel Luzanov @ 2021-05-22 20:27 UTC
To: Tom Lane <[email protected]>; +Cc: [email protected]
On 20.05.2021 21:25, Pavel Luzanov wrote:
> I'm totally confused. I'm taking a timeout to think about it.
I got it! It wasn't my day.))
This wording worked for me:
The pg_monitor role is a member of the pg_read_all_settings role, which allows its privileges to be used. Therefore, pg_monitor can get the value of any configuration parameter.
Thanks for clarifying.
--
Pavel Luzanov
Postgres Professional: https://postgrespro.com
The Russian Postgres Company
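
The grant direction this thread settles on can be checked against the catalog, where each pg_auth_members row means "GRANT roleid TO member". The following is an added example, not part of any message in the thread; the role metrics_agent is a constructed name, and the statements assume a superuser session on a scratch instance.

```sql
-- Constructed login role standing in for a monitoring account
-- (assumption, not a name from the thread).
CREATE ROLE metrics_agent LOGIN;
GRANT pg_monitor TO metrics_agent;

-- Direct grants as stored: one row per "GRANT granted_role TO member".
SELECT g.rolname AS granted_role, m.rolname AS member
FROM pg_auth_members am
JOIN pg_roles g ON g.oid = am.roleid
JOIN pg_roles m ON m.oid = am.member
WHERE m.rolname IN ('metrics_agent', 'pg_monitor')
ORDER BY member, granted_role;

-- Every role whose privileges metrics_agent can reach, following
-- member -> granted role edges. PostgreSQL rejects circular grants,
-- so the recursion terminates.
WITH RECURSIVE held(roleid, chain) AS (
    SELECT oid, ARRAY[rolname::text]
    FROM pg_roles
    WHERE rolname = 'metrics_agent'
  UNION ALL
    SELECT am.roleid, h.chain || g.rolname::text
    FROM held h
    JOIN pg_auth_members am ON am.member = h.roleid
    JOIN pg_roles g ON g.oid = am.roleid
)
SELECT array_to_string(chain, ' -> ') AS membership_chain
FROM held
ORDER BY 1;

-- Cross-check both directions with the built-in function:
-- first "is metrics_agent a member of pg_read_all_settings",
-- then the reverse reading that the thread rules out.
SELECT pg_has_role('metrics_agent', 'pg_read_all_settings', 'MEMBER')
           AS agent_holds_settings,
       pg_has_role('pg_read_all_settings', 'pg_monitor', 'MEMBER')
           AS settings_holds_monitor;

-- Remove the constructed role again.
DROP ROLE metrics_agent;
```

In the first result the built-in grants appear with pg_monitor in the member column, matching the \dgS output quoted earlier in the thread.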