On 2019-02-12 07:40, Michael Paquier wrote:
> On Thu, Feb 07, 2019 at 09:30:38AM +0100, Peter Eisentraut wrote:
>> If so, is there anything in that view that should be made available to
>> non-superusers? If not, then we could perhaps do this via a simple
>> permission change instead of going the route of blanking out individual
>> columns.
>
> Hm. It looks sensible to move to a per-permission approach for that
> view. Now, pg_stat_get_activity() is not really actually restricted,
> and would still return the information on direct calls, so the idea
> would be to split the SSL-related data into its own function?
We could remove default privileges from pg_stat_get_activity(). Would
that be a problem?
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services