Re: restrict pg_stat_ssl to superuser?
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-02-19T17:44:51Z
Lists: pgsql-hackers
On Thu, Feb 7, 2019 at 3:30 AM Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote: > As discussed in [0], should we restrict access to pg_stat_ssl to > superusers (and an appropriate pg_ role)? > > If so, is there anything in that view that should be made available to > non-superusers? If not, then we could perhaps do this via a simple > permission change instead of going the route of blanking out individual > columns. Shouldn't unprivileged users be able to see their own entries, or entries for roles which they could assume via SET ROLE? -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
Commits
-
Hide other user's pg_stat_ssl rows
- f9692a769b16 12.0 landed
-
doc: Add security information about pg_stat_activity
- 213eae9b8a8a 12.0 landed