On 28 January 2014 20:14, Josh Berkus <j...@agliodbs.com> wrote: > On 01/28/2014 12:10 PM, Tom Lane wrote: >> Josh Berkus <j...@agliodbs.com> writes: >>> For example, I would really like to GRANT an unpriv user access to the >>> WAL columns in pg_stat_replication so that I can monitor replication >>> delay without granting superuser permissions. >> >> Just out of curiosity, why is that superuser-only at all? AFAICS the >> hidden columns are just some LSNs ... what is the security argument >> for hiding them in the first place? > > Beats me, I can't find any discussion on it at all.
No specific reason that I can recall but replication is heavily protected by layers of security. pg_stat_replication is a join with pg_stat_activity, so some of the info is open, some closed. It seems possible to relax that. Presumably the current patch is returned with feedback? Or can we fix these problems by inventing a new user aspect called MONITOR (similar to REPLICATION)? We can grant application_name and replication details to that. -- Simon Riggs http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
