[英]AWS RDS: how to grant SELECT PG_BUFFERCACHE to non-aws-superuser
安装https://www.postgresql.org/docs/9.1/pgbuffercache.html扩展后,我想从其他非超级用户访问pg_buffercache
视图。
GRANT EXECUTE ON FUNCTION pg_buffercache_pages() TO test_monitoring;
GRANT SELECT ON pg_buffercache TO test_monitoring;
不起作用
根据https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.MasterAccounts.html RDS_SUPERUSER 角色有权“执行 PG_BUFFERCACHE_PAGES(), SELECT PG_BUFFERCACHE”
是否可以将相同的权限授予其他角色?
您可以rds_superuser
创建一个函数和一个视图作为rds_superuser
:
CREATE FUNCTION buffercache_for_all()
RETURNS TABLE (
bufferid integer,
relfilenode oid,
reltablespace oid,
reldatabase oid,
relforknumber smallint,
relblocknumber bigint,
isdirty boolean,
usagecount smallint,
pinning_backends integer
) LANGUAGE sql SECURITY DEFINER SET search_path = pg_catalog AS
'SELECT p.bufferid,
p.relfilenode,
p.reltablespace,
p.reldatabase,
p.relforknumber,
p.relblocknumber,
p.isdirty,
p.usagecount,
p.pinning_backends
FROM public.pg_buffercache_pages() AS p(
bufferid integer,
relfilenode oid,
reltablespace oid,
reldatabase oid,
relforknumber smallint,
relblocknumber bigint,
isdirty boolean,
usagecount smallint,
pinning_backends integer
)';
CREATE VIEW buffercache_for_all AS SELECT * FROM buffercache_for_all();
然后将函数上的EXECUTE
和视图上的SELECT
授予应该允许查看信息的任何人。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.