On 2014-01-21 20:18:54 -0500, Stephen Frost wrote: > > > Don't know what folks think of removing those in-the-function checks in > > > favor of trusting the grant/revoke system to not allow those functions > > > to be called unless you have EXECUTE privileges on them.. > > > > Well, they *do* return some information when called without superuser > > privileges. Just not all columns for all sessions. I don't think you can > > achieve that with anything in our permission system. > > We'd have to address those issues somehow, certainly. The general > thrust of my thought was if we'd ever feel comfortable trusting the > GRANT/REVOKE permission system instead of places what we currently have > if(superuser()) checks or similar.
I think the only realistic thing is a "monitoring" capability, like we have "replication". GRANT/REVOKE doesn't even come close to being able to generically allow to grant permissions of even the moderate complexity pg_stat_get_activity() has. Greetings, Andres Freund -- Andres Freund http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers