Re: docs: mention "pg_read_all_stats" in "track_activities" description
Nathan Bossart <nathandbossart@gmail.com>
From: Nathan Bossart <nathandbossart@gmail.com>
To: Michael Paquier <michael@paquier.xyz>
Cc: Ian Lawrence Barwick <barwick@gmail.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2022-05-22T20:26:08Z
Lists: pgsql-hackers
On Sun, May 22, 2022 at 09:59:47AM +0900, Michael Paquier wrote: > + visible to superusers, roles with privileges of the > + <literal>pg_read_all_stats</literal> role, and roles with privileges of > + the user owning the session being reported on, so it should not > + represent a security risk. Only superusers and users with the > + appropriate <literal>SET</literal> privilege can change this setting. > > Regarding the fact that a user can see its own information, the last > part of the description would be right, still a bit confusing perhaps > when it comes to one's own information? Yeah, this crossed my mind. I thought that "superusers, roles with privileges of the pg_read_all_stats_role, roles with privileges of the user owning the session being reported on, and the user owning the session being reported on" might be too long-winded and redundant. But I see your point that it might be a bit confusing. Perhaps it could be trimmed down to something like this: ... superusers, roles with privileges of the pg_read_all_stats role, and roles with privileges of the user owning the session being reported on (including the session owner). -- Nathan Bossart Amazon Web Services: https://aws.amazon.com
Commits
-
doc: Reword description of roles able to view track_activities's info
- 2640579bfcb6 10.22 landed
- 02ea9673382e 11.17 landed
- bc2f04e4f26e 12.12 landed
- 938548b75458 13.8 landed
- 0adff38da4bc 14.4 landed
- b3fb16e8bb3e 15.0 landed
-
doc: Mention pg_read_all_stats in description of track_activities
- fc428feafbbd 10.22 landed
- ee27871a8caa 11.17 landed
- 5f6baeea98a8 12.12 landed
- bb60f25755d4 13.8 landed
- 7f798e893678 14.4 landed
- ac1ae477f85c 15.0 landed