我正在尝试从 Postgres 数据库获取 csv_logs。管理员用户可以查看 csv 日志文件,但我创建的其他用户遇到错误。这是我的步骤:
Login as admin user
Execute: SELECT * FROM my_extensions.list_postgres_log_files() ORDER BY 1; --- This works and I can see log files
1.CREATE ROLE foo; -- a non-superuser
2.GRANT pg_monitor TO foo; -- do this only when list_postgres_log_files() is used because the underlying function pg_ls_logdir() needs it
3.GRANT USAGE,CREATE ON SCHEMA my_extensions TO foo; -- to create foreign tables in schema
4.GRANT USAGE ON FOREIGN SERVER my_log_server TO foo; -- to use log_fdw foreign server
5.SET ROLE foo;
6.SELECT * FROM my_extensions.list_postgres_log_files() ORDER BY 1; Throws an error: ERROR: permission denied for function list_postgres_log_files SQL state: 42501
mydb=> \df+ list_postgres_log_files
List of functions
Schema | Name | Result data type | Argument data types | Type | Volatility | Parallel | O
wner | Security | Access privileges | Language | Source code | Description
----------------+-------------------------+------------------+------------------------------------------------+------+------------+----------+------
---------+----------+-------------------------------+----------+-------------------------+-------------
my_extensions | list_postgres_log_files | SETOF record | OUT file_name text, OUT file_size_bytes bigint | func | volatile | unsafe | rds_s
uperuser | invoker | rds_superuser=X/rds_superuser | c | list_postgres_log_files |
(1 row)
我按照 https://github.com/aws/postgresql-logfdw 上的步骤操作 但我无法查看日志文件
我必须明确授予对 Github 步骤中未提及的功能的权限。我认为 pg_monitor grant 可以解决问题。
将函数 my_extensions.list_postgres_log_files() 的执行权限授予 foo;