On 2019-02-21 09:11, Michael Paquier wrote:
> On Wed, Feb 20, 2019 at 11:51:08AM +0100, Peter Eisentraut wrote:
>> So here is a patch doing it the "normal" way of nulling out all the rows
>> the user shouldn't see.
>
> That looks fine to me.
Committed, thanks.
>> I haven't found any
On Wed, Feb 20, 2019 at 11:51:08AM +0100, Peter Eisentraut wrote:
> So here is a patch doing it the "normal" way of nulling out all the rows
> the user shouldn't see.
That looks fine to me.
> I haven't found any documentation of these access restrictions in the
> context of pg_stat_activity. Is
On 2019-02-19 16:57, Peter Eisentraut wrote:
> On 2019-02-18 04:58, Michael Paquier wrote:
>> On Fri, Feb 15, 2019 at 02:04:59PM +0100, Peter Eisentraut wrote:
>>> We could remove default privileges from pg_stat_get_activity(). Would
>>> that be a problem?
>>
>> I don't think so, still I am
On Thu, Feb 7, 2019 at 3:30 AM Peter Eisentraut
wrote:
> As discussed in [0], should we restrict access to pg_stat_ssl to
> superusers (and an appropriate pg_ role)?
>
> If so, is there anything in that view that should be made available to
> non-superusers? If not, then we could perhaps do this
On 2019-02-18 04:58, Michael Paquier wrote:
> On Fri, Feb 15, 2019 at 02:04:59PM +0100, Peter Eisentraut wrote:
>> We could remove default privileges from pg_stat_get_activity(). Would
>> that be a problem?
>
> I don't think so, still I am wondering about the impact that this
> could have for
On Fri, Feb 15, 2019 at 02:04:59PM +0100, Peter Eisentraut wrote:
> We could remove default privileges from pg_stat_get_activity(). Would
> that be a problem?
I don't think so, still I am wondering about the impact that this
could have for monitoring tools calling it directly as we document
it..
On 2019-02-12 07:40, Michael Paquier wrote:
> On Thu, Feb 07, 2019 at 09:30:38AM +0100, Peter Eisentraut wrote:
>> If so, is there anything in that view that should be made available to
>> non-superusers? If not, then we could perhaps do this via a simple
>> permission change instead of going the
On Thu, Feb 07, 2019 at 09:30:38AM +0100, Peter Eisentraut wrote:
> If so, is there anything in that view that should be made available to
> non-superusers? If not, then we could perhaps do this via a simple
> permission change instead of going the route of blanking out individual
> columns.
Hm.