Re: restrict pg_stat_ssl to superuser?

On 2019-02-12 07:40, Michael Paquier wrote:
> On Thu, Feb 07, 2019 at 09:30:38AM +0100, Peter Eisentraut wrote:
>> If so, is there anything in that view that should be made available to
>> non-superusers?  If not, then we could perhaps do this via a simple
>> permission change instead of going the route of blanking out individual
>> columns.
> 
> Hm.  It looks sensible to move to a per-permission approach for that
> view.  Now, pg_stat_get_activity() is not really actually restricted,
> and would still return the information on direct calls, so the idea
> would be to split the SSL-related data into its own function?

We could remove default privileges from pg_stat_get_activity().  Would
that be a problem?

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services