public inbox for [email protected]
help / color / mirror / Atom feedFrom: Costa Alexoglou <[email protected]>
To: [email protected]
Subject: insufficient privilege with pg_read_all_stats granted
Date: Tue, 20 Aug 2024 22:50:09 +0200
Message-ID: <CAJ+5Ff4rRJabEP5Qz=XkRrq+4zc7b9Ai3+zqCA+GYSurFsgvjg@mail.gmail.com> (raw)
Hey folks,
I run PostgreSQL v15.8 (docker official image), and there is an issue when
reading pg_stat_staments table with a result of query most of the times
having `<insufficient privilege>` value.
I have created the user that I use to fetch the data with the following way:
```
CREATE USER abcd WITH NOSUPERUSER NOCREATEROLE NOINHERIT LOGIN;
GRANT pg_read_all_stats, pg_stat_scan_tables, pg_read_all_settings to abcd;
GRANT pg_monitor to abcd;
```
I explicitly gave `pg_read_all_stats` and also called `pg_monitor` just to
be on the safe side, but stil I get the insufficient privilege error.
```
SELECT
r.rolname AS member,
m.rolname AS role
FROM
pg_auth_members am
JOIN
pg_roles r ON r.oid = am.member
JOIN
pg_roles m ON m.oid = am.roleid
WHERE
m.rolname = 'pg_read_all_stats'
AND r.rolname = 'abcd';
member | role
--------+-------------------
abcd | pg_read_all_stats
(1 row)
```
I also tried with PostgreSQL v14.13, and this was not the case, it was
working fine as expected.
Then I tried v16.4 and v17beta3, and I faced the <insufficient privilege>
issue, so I guess something changed v15 onwards?
view thread (2+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: insufficient privilege with pg_read_all_stats granted
In-Reply-To: <CAJ+5Ff4rRJabEP5Qz=XkRrq+4zc7b9Ai3+zqCA+GYSurFsgvjg@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox