timescaledb/sql/with_telemetry.sql
Mats Kindahl 5661ff1523 Add role-level security to job error log
Since the job error log can contain information from many different
sources and also from many different jobs it is important to ensure
that visibility of the job error log entries is restricted to job
owners.

This commit extends the view `timescaledb_information.job_errors` with
role-based checks so that a user can only see entries for jobs that she
has permission to view, and restricts the permissions on
`_timescaledb_internal.job_errors` so that users can only view the job
error log through the view. A special case is added so that the
superuser and the database owner can see all log entries, even if there
is no job id associated with the log entry.

Closes #5217
2023-01-30 12:13:00 +01:00


-- This file and its contents are licensed under the Apache License 2.0.
-- Please see the included NOTICE for copyright information and
-- LICENSE-APACHE for a copy of the license.
-- SECURITY DEFINER is acceptable for this function: the report it returns
-- is computed as an aggregate of error codes and does not expose the
-- individual messages.
-- NOTE(review): a SECURITY DEFINER function runs with its owner's
-- privileges for every role allowed to EXECUTE it, and PostgreSQL grants
-- EXECUTE to PUBLIC by default unless that is revoked elsewhere. The
-- aggregate-only property of the report is therefore the whole safety
-- argument; re-check it whenever the report contents change.
-- NOTE(review): no search_path is pinned on this function; confirm that the
-- C implementation resolves every object it touches by schema-qualified
-- name.
CREATE OR REPLACE FUNCTION @extschema@.get_telemetry_report()
    RETURNS jsonb
    LANGUAGE C
    STABLE
    PARALLEL SAFE
    SECURITY DEFINER
    AS '@MODULE_PATHNAME@', 'ts_telemetry_get_report_jsonb';
-- Register the telemetry reporter as background job 1, scheduled every 24h
-- with a 100s runtime cap and a 1h retry period.
-- The owner is CURRENT_ROLE, i.e. whichever role executes this script;
-- presumably the job procedure later runs with that role's privileges, so
-- the installing role matters -- confirm against the job scheduler.
-- ON CONFLICT (id) DO NOTHING leaves an already existing row with id 1
-- untouched, so re-running the script does not reset a modified job.
-- NOTE(review): max_retries = -1 presumably means "retry without limit" --
-- confirm.
INSERT INTO _timescaledb_config.bgw_job (
    id,
    application_name,
    schedule_interval,
    max_runtime,
    max_retries,
    retry_period,
    proc_schema,
    proc_name,
    owner,
    scheduled,
    fixed_schedule
)
VALUES (
    1,
    'Telemetry Reporter [1]',
    INTERVAL '24h',
    INTERVAL '100s',
    -1,
    INTERVAL '1h',
    '_timescaledb_internal',
    'policy_telemetry',
    CURRENT_ROLE,
    TRUE,
    FALSE
)
ON CONFLICT (id) DO NOTHING;