Re: [HACKERS] Provide list of subscriptions and publications inpsql's completion

Поиск
Список
Период
Сортировка
От Stephen Frost
Тема Re: [HACKERS] Provide list of subscriptions and publications inpsql's completion
Дата
Msg-id 20170220154821.GR9812@tamriel.snowman.net
обсуждение исходный текст
Ответ на Re: [HACKERS] Provide list of subscriptions and publications inpsql's completion  (Fujii Masao <masao.fujii@gmail.com>)
Ответы Re: [HACKERS] Provide list of subscriptions and publications inpsql's completion  (Michael Paquier <michael.paquier@gmail.com>)
Список pgsql-hackers
Дерево обсуждения 
Greetings,

* Fujii Masao (masao.fujii@gmail.com) wrote:
> On Fri, Feb 17, 2017 at 11:17 PM, Peter Eisentraut
> <peter.eisentraut@2ndquadrant.com> wrote:
> > On 2/13/17 12:07, Fujii Masao wrote:
> >> Anyway IMO that we can expose all the
> >> columns except the sensitive information (i.e., subconninfo field)
> >> in pg_subscription to even non-superusers.
> >
> > You mean with column privileges?
>
> Yes.
>
> So there are several approaches...
>
> 1) Expose all the columns except subconninfo in pg_subscription to
>     non-superusers. In this idea, the tab-completion and psql meta-command
>     for subscription still sees pg_subscription. One good point of
>     idea is that even non-superusers can see all the useful information
>     about subscriptions other than sensitive information like conninfo.
>
> 2) Change pg_stat_subscription so that it also shows all the columns except
>     subconninfo in pg_subscription. Also change the tab-completion and
>     psql meta-command for subscription so that they see pg_stat_subscription
>     instead of pg_subscription. One good point is that pg_stat_subscription
>     exposes all the useful information about subscription to even
>     non-superusers. OTOH, pg_subscription and pg_stat_subscription have
>     to have several same columns. This would be redundant and a bit confusing.
>
> 3) Expose subdbid in pg_stat_subscription. Also change the tab-completion
>     and psql meta-command for subscription so that they see
>     pg_stat_subscription. This change is very simple. But non-superusers cannot
>     see useful information like subslotname because of privilege problem.
>
> I like #1, but any better approach?

#1 seems alright to me, at least.  We could start using column-level
privs in other places also, as I mentioned up-thread.

I don't particularly like the suggestions to have psql use pg_stat_X
views or to put things into pg_stat_X views which are object definitions
for non-superusers.  If we really don't want to use column-level
privileges then we should have an appropriate view create instead which
provides non-superusers with the non-sensitive object information.

Thanks!

Stephen

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Fujii Masao
Дата:
Сообщение: Re: [HACKERS] Provide list of subscriptions and publications inpsql's completion
Следующее
От: Tomas Vondra
Дата:
Сообщение: Re: [HACKERS] [PATCH] Suppress Clang 3.9 warnings