戻る
-
タイトル
PostgreSQL Agent User Permissions -
説明
In order to allow full monitoring of the PostgreSQL Server, the agent will require a user with sufficient privilege to execute system queries. Also, several features of the server must be enabled in the server configuration file, typically the postgresql.conf file in a native instance or through the configuration UI in a hosted instance like AWS Aurora or RDS -
対策
PostgreSQL User Permissions
The PostgreSQL agent requires use of a database user with certain minimum privileges for the agent to be able to fully monitor the database.Create a new user with an existing user that has the appropriate permissions or a utility program of your choice. The new user must have access to all databases you wish to monitor. You must also ensure that any firewalls and the pg_hba.conf file allow the created user access from whichever FglAM host the agent is running from. The agent will only query system tables and views and make use of a few system functions in order to gather operational data.User privileges required for the PostgreSQL agent for versions 10+:- PG_MONITOR
- PG_READ_ALL_SETTINGS
- PG_READ_ALL_STATS
- PG_STAT_SCAN_TABLES
For versions below 10:- LOGIN
- CONNECT (on all databases)
- SELECT (on all databases)
The SUPERUSER privilege is required in order to make use of administration functions through the Foglight console. Usage of the functions is restricted to Foglight users who have been granted the “PostgreSQL Administrator” role.Example:CREATE USER user1 WITH PASSWORD ‘password1’ LOGIN SUPERUSER;