Re: restrict pg_stat_ssl to superuser?

Robert Haas <robertmhaas@gmail.com>

From: Robert Haas <robertmhaas@gmail.com>
To: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-02-19T17:44:51Z
Lists: pgsql-hackers
On Thu, Feb 7, 2019 at 3:30 AM Peter Eisentraut
<peter.eisentraut@2ndquadrant.com> wrote:
> As discussed in [0], should we restrict access to pg_stat_ssl to
> superusers (and an appropriate pg_ role)?
>
> If so, is there anything in that view that should be made available to
> non-superusers?  If not, then we could perhaps do this via a simple
> permission change instead of going the route of blanking out individual
> columns.

Shouldn't unprivileged users be able to see their own entries, or
entries for roles which they could assume via SET ROLE?

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company


Commits

  1. Hide other user's pg_stat_ssl rows

  2. doc: Add security information about pg_stat_activity