Paul McGarry wrote:
> I have a situation where I'd like to lower the
> log_min_duration_statement for a particular connection
> .
> The DB is used for several reporting type queries which may reasonably
> take several seconds so the log_min_duration_statement in the DB is
> set accordingly.
>
> However there are critical paths in the app where queries are more
> interactive and we'd like to log any statements using a much lower
> limit.
>
> A superuser could, for example:
> set log_min_duration_statement = 500;
> when connecting to the DB but normal users can't.
>
> Is there a trick that would allow us to enable non-super users to
> lower the log_min_duration_statement value?
>
> The only thing I have though of is connecting as a Super User and then
> using "SET ROLE" to change to the non-priviledged user afterwards but
> really we don't want our Super User authentication credentials on the
> application server.
You could write a SECURITY DEFINER function thusly:
CREATE OR REPLACE FUNCTION set_log_min_duration(integer) RETURNS void
LANGUAGE plpgsql VOLATILE STRICT SECURITY DEFINER
SET search_path TO pg_catalog,pg_temp AS
$$BEGIN
EXECUTE 'SET log_min_duration_statement = ' || $1::text;
END$$;
REVOKE EXECUTE ON FUNCTION set_log_min_duration(integer) FROM PUBLIC;
Then you can grant EXECUTE privileges to the users you want to
be able to change the setting.
Yours,
Laurenz Albe