Fixed grant on all tables to a separate view

dementii-priadko · dementii-priadko · commit d929077427c4 · 2025-07-23T18:28:42.000+03:00
diff --git a/README.md b/README.md
@@ -19,6 +19,17 @@ grant pg_monitor to postgres_ai_mon;
 grant select on pg_stat_statements to postgres_ai_mon;
 grant select on pg_stat_database to postgres_ai_mon;
 grant select on pg_stat_user_tables to postgres_ai_mon;
+
+-- Create a public view for pg_statistic access for bloat metrics
+CREATE VIEW public.pg_statistic AS
+ SELECT pg_statistic.stawidth,
+    pg_statistic.stanullfrac,
+    pg_statistic.starelid,
+    pg_statistic.staattnum
+   FROM pg_statistic;
+
+GRANT SELECT ON public.pg_statistic TO pg_monitor;
+ALTER USER postgres_ai_mon set search_path = "$user", public, pg_catalog;
 ```
 
 **One command setup:**
diff --git a/config/pgwatch-prometheus/metrics.yml b/config/pgwatch-prometheus/metrics.yml
@@ -2183,8 +2183,8 @@ presets:
       pg_stat_activity_autovacuum: 5
       pg_stat_activity_autovacuum_active: 5
       pg_gin_index: 5
-      pg_table_bloat: 86400
-      pg_btree_bloat: 86400
+      pg_table_bloat: 60
+      pg_btree_bloat: 60
       pg_invalid_indexes: 60
       redundant_indexes: 60
       unused_indexes: 60
diff --git a/config/target-db/init.sql b/config/target-db/init.sql
@@ -19,12 +19,24 @@ INSERT INTO sample_data (name) VALUES
 CREATE USER monitor WITH PASSWORD 'monitor_pass';
 GRANT CONNECT ON DATABASE target_database TO monitor;
 GRANT USAGE ON SCHEMA public TO monitor;
-GRANT SELECT ON ALL TABLES IN SCHEMA public TO monitor;
-GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO monitor;
+
+-- Create a public view for pg_statistic access
+CREATE VIEW public.pg_statistic AS
+ SELECT pg_statistic.stawidth,
+    pg_statistic.stanullfrac,
+    pg_statistic.starelid,
+    pg_statistic.staattnum
+   FROM pg_statistic;
+
+-- Grant specific access instead of all tables
+GRANT SELECT ON public.pg_statistic TO pg_monitor;
 
 -- Grant access to monitoring views
 GRANT SELECT ON pg_stat_statements TO monitor;
 GRANT SELECT ON pg_stat_database TO monitor;
 GRANT SELECT ON pg_stat_user_tables TO monitor; 
 -- Grant pg_monitor role to monitor user for enhanced monitoring capabilities
 GRANT pg_monitor TO monitor;
+
+-- Set search path for the monitor user
+ALTER USER monitor SET search_path = "$user", public, pg_catalog;
