Re: restrict pg_stat_ssl to superuser?
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-02-12T06:40:07Z
Lists: pgsql-hackers
On Thu, Feb 07, 2019 at 09:30:38AM +0100, Peter Eisentraut wrote: > If so, is there anything in that view that should be made available to > non-superusers? If not, then we could perhaps do this via a simple > permission change instead of going the route of blanking out individual > columns. Hm. It looks sensible to move to a per-permission approach for that view. Now, pg_stat_get_activity() is not really actually restricted, and would still return the information on direct calls, so the idea would be to split the SSL-related data into its own function? -- Michael
Commits
-
Hide other user's pg_stat_ssl rows
- f9692a769b16 12.0 landed
-
doc: Add security information about pg_stat_activity
- 213eae9b8a8a 12.0 landed