You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+19-9
Original file line number
Diff line number
Diff line change
@@ -203,14 +203,10 @@ If you want to include only subset of databases, you can use option `--include-d
203
203
204
204
### Running as non-superuser
205
205
206
-
To be able to collect metrics from `pg_stat_activity` and `pg_stat_replication`
207
-
as non-superuser you have to create functions and views as a superuser, and
208
-
assign permissions separately to those.
209
-
210
-
In PostgreSQL, views run with the permissions of the user that created them so
211
-
they can act as security barriers. Functions need to be created to share this
212
-
data with the non-superuser. Only creating the views will leave out the most
213
-
important bits of data.
206
+
To be able to collect metrics from `pg_stat*` views as non-superuser in PostgreSQL
207
+
server versions >= 10 you can grant the `pg_monitor` or `pg_read_all_stats`[built-in roles](https://www.postgresql.org/docs/current/predefined-roles.html) to the user. If
208
+
you need to monitor older PostgreSQL servers, you will have to create functions
209
+
and views as a superuser, and assign permissions separately to those.
214
210
215
211
```sql
216
212
-- To use IF statements, hence to be able to check if the user exists before
@@ -239,9 +235,23 @@ ALTER USER postgres_exporter SET SEARCH_PATH TO postgres_exporter,pg_catalog;
239
235
-- If deploying as non-superuser (for example in AWS RDS), uncomment the GRANT
240
236
-- line below and replace <MASTER_USER> with your root user.
241
237
-- GRANT postgres_exporter TO <MASTER_USER>;
238
+
239
+
GRANT CONNECT ON DATABASE postgres TO postgres_exporter;
240
+
```
241
+
242
+
Run following command if you use PostgreSQL versions >= 10
243
+
```sql
244
+
GRANT pg_monitor to postgres_exporter;
245
+
```
246
+
247
+
Run following SQL commands only if you use PostgreSQL versions older than 10.
248
+
In PostgreSQL, views run with the permissions of the user that created them so
249
+
they can act as security barriers. Functions need to be created to share this
250
+
data with the non-superuser. Only creating the views will leave out the most
251
+
important bits of data.
252
+
```sql
242
253
CREATESCHEMAIF NOT EXISTS postgres_exporter;
243
254
GRANT USAGE ON SCHEMA postgres_exporter TO postgres_exporter;
244
-
GRANT CONNECT ON DATABASE postgres TO postgres_exporter;
245
255
246
256
CREATE OR REPLACEFUNCTIONget_pg_stat_activity() RETURNS SETOF pg_stat_activity AS
0 commit comments