| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: restrict pg_stat_ssl to superuser? |
| Date: | 2019-02-15 13:04:59 |
| Message-ID: | 71319f2d-a073-0499-4562-6003e026307e@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2019-02-12 07:40, Michael Paquier wrote:
> On Thu, Feb 07, 2019 at 09:30:38AM +0100, Peter Eisentraut wrote:
>> If so, is there anything in that view that should be made available to
>> non-superusers? If not, then we could perhaps do this via a simple
>> permission change instead of going the route of blanking out individual
>> columns.
>
> Hm. It looks sensible to move to a per-permission approach for that
> view. Now, pg_stat_get_activity() is not really actually restricted,
> and would still return the information on direct calls, so the idea
> would be to split the SSL-related data into its own function?
We could remove default privileges from pg_stat_get_activity(). Would
that be a problem?
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2019-02-15 13:32:52 | Re: Reporting script runtimes in pg_regress |
| Previous Message | Antonin Houska | 2019-02-15 12:46:02 | Re: Problems with plan estimates in postgres_fdw |