Re: Add support for logging the current role
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Stephen Frost <sfrost@snowman.net>
Cc: Robert Haas <robertmhaas@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2011-01-13T01:59:54Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Add support for an application_name parameter, which is displayed in
- 8217cfbd9918 9.0.0 cited
-
Make CSV column ordering a bit more logical.
- 230e8962f3a4 8.3.0 cited
-
Extend the format of CSV logs to include the additional information supplied
- 3bf66d6f1c3a 8.3.0 cited
-
Add virtual transaction IDs to CSVLOG output, so that messages coming from
- 77c166ba6cf6 8.3.0 cited
-
Provide for logfiles in machine readable CSV format. In consequence, rename
- fd801f4faa8e 8.3.0 cited
Stephen Frost <sfrost@snowman.net> writes: > * Tom Lane (tgl@sss.pgh.pa.us) wrote: >> I understand. But doing this right is going to take more than ten lines >> of code, and more than a negligible performance penalty. We have to >> consider whether it's worth it. > It'd be ideal if the performance hit could only be felt by people who > want to enable the option. On the flip side, I don't know that adding a > bit of extra work to SET ROLE would be that bad. If it helps (and I > don't know if it does, I'm still trying to wrap my head around > GetUserIdAndSecContext/SetUserIdAndSecContext), I'd be fine with *not* > trying to log the right role when inside Security Definter functions > (after all, if those are getting called, the user could go look at the > function definition to see which role it's being run as). > I gather one issue is how we can pick up what the correct role name is > when resetting the role due to a failed transaction..? Building a stack > with all the role names pre-cached to deal with that wouldn't be likely > to work and we'd need more than one level to deal with savepoints, I > assume? We could reset it to an Invalid name on abort and then detect > that it needs to be corrected at the start of the next transaction, > perhaps? I seem to recall that the assign hook for role stores the string form of the role name anyway. So in principle you could arrange for that to get dumped someplace where elog.c could look at it (think about just adding a string parameter to SetUserIdAndSecContext). It wouldn't track the effects of RENAME ROLE against an actively-used role, but then again neither does %u. I'm not actually concerned about adding a few extra cycles to SET ROLE for this. What bothered me more was the cost of adding another output column to CSV log mode. That's not something you're going to be able to finesse such that only people who care pay the cost. regards, tom lane