On Wed, Feb 20, 2019 at 11:51:08AM +0100, Peter Eisentraut wrote: > So here is a patch doing it the "normal" way of nulling out all the rows > the user shouldn't see.
That looks fine to me. > I haven't found any documentation of these access restrictions in the > context of pg_stat_activity. Is there something that I'm not seeing or > something that should be added? Yes, there is nothing. I agree that it would be good to mention that some fields are set to NULL and only visible to superusers or members of pg_read_all_stats with a note for pg_stat_activity and pg_stat_get_activity(). Here is an idea: "Backend and SSL information are restricted to superusers and members of the <literal>pg_read_all_stats</literal> role. Access may be granted to others using <command>GRANT</command>. Getting that back-patched would be nice where pg_read_all_stats was introduced. -- Michael
signature.asc
Description: PGP signature