Check for USAGE (instead of MEMBER) privilege in all pg_has_role occu…

…rrences
EnterpriseDB · Sep 9, 2024 · 90543f1 · 90543f1
1 parent 58b2653
commit 90543f1
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 12 deletions.
diff --git a/barman/postgres.py b/barman/postgres.py
@@ -610,11 +610,11 @@ def has_backup_privileges(self):
           OR
           (
             (
-              pg_has_role(CURRENT_USER, 'pg_monitor', 'MEMBER')
+              pg_has_role(CURRENT_USER, 'pg_monitor', 'USAGE')
               OR
               (
-                pg_has_role(CURRENT_USER, 'pg_read_all_settings', 'MEMBER')
-                AND pg_has_role(CURRENT_USER, 'pg_read_all_stats', 'MEMBER')
+                pg_has_role(CURRENT_USER, 'pg_read_all_settings', 'USAGE')
+                AND pg_has_role(CURRENT_USER, 'pg_read_all_stats', 'USAGE')
               )
             )
             AND
@@ -664,7 +664,7 @@ def has_checkpoint_privileges(self):
             return True
         else:
             role_check_query = (
-                "select pg_has_role(CURRENT_USER ,'pg_checkpoint', 'MEMBER');"
+                "select pg_has_role(CURRENT_USER ,'pg_checkpoint', 'USAGE');"
             )
             try:
                 cur = self._cursor()
@@ -694,11 +694,11 @@ def has_monitoring_privileges(self):
             monitoring_check_query = """
             SELECT
             (
-                pg_has_role(CURRENT_USER, 'pg_monitor', 'MEMBER')
+                pg_has_role(CURRENT_USER, 'pg_monitor', 'USAGE')
                 OR
                 (
-                    pg_has_role(CURRENT_USER, 'pg_read_all_settings', 'MEMBER')
-                    AND pg_has_role(CURRENT_USER, 'pg_read_all_stats', 'MEMBER')
+                    pg_has_role(CURRENT_USER, 'pg_read_all_settings', 'USAGE')
+                    AND pg_has_role(CURRENT_USER, 'pg_read_all_stats', 'USAGE')
                 )
             )
             """

diff --git a/tests/test_postgres.py b/tests/test_postgres.py
@@ -1092,7 +1092,7 @@ def test_has_checkpoint_privileges(
         cursor_mock.fetchone.side_effect = [(False,)]
         assert not server.postgres.has_checkpoint_privileges
         cursor_mock.execute.assert_called_with(
-            "select pg_has_role(CURRENT_USER ,'pg_checkpoint', 'MEMBER');"
+            "select pg_has_role(CURRENT_USER ,'pg_checkpoint', 'USAGE');"
         )
 
         # no superuser, pg_checkpoint -> True
@@ -1101,7 +1101,7 @@ def test_has_checkpoint_privileges(
         cursor_mock.fetchone.side_effect = [(True,)]
         assert server.postgres.has_checkpoint_privileges
         cursor_mock.execute.assert_called_with(
-            "select pg_has_role(CURRENT_USER ,'pg_checkpoint', 'MEMBER');"
+            "select pg_has_role(CURRENT_USER ,'pg_checkpoint', 'USAGE');"
         )
 
         # superuser, no pg_checkpoint -> True
@@ -1718,11 +1718,11 @@ def test_has_monitoring_privileges(
                 """
             SELECT
             (
-                pg_has_role(CURRENT_USER, 'pg_monitor', 'MEMBER')
+                pg_has_role(CURRENT_USER, 'pg_monitor', 'USAGE')
                 OR
                 (
-                    pg_has_role(CURRENT_USER, 'pg_read_all_settings', 'MEMBER')
-                    AND pg_has_role(CURRENT_USER, 'pg_read_all_stats', 'MEMBER')
+                    pg_has_role(CURRENT_USER, 'pg_read_all_settings', 'USAGE')
+                    AND pg_has_role(CURRENT_USER, 'pg_read_all_stats', 'USAGE')
                 )
             )
             """