Julien Rouhaud <rjuju...@gmail.com> writes: >>> Probably NO, if only because you'd need additional privileges >>> to use these anyway: >>> pg_stat_statements
> But the additional privileges are global, so assuming the extension > has been properly setup, wouldn't it be sensible to ease the > per-database installation? If not properly setup, there's no harm in > creating the extension anyway. Mmm, I'm not convinced --- the ability to see what statements are being executed in other sessions (even other databases) is something that paranoid installations might not be so happy about. Our previous discussions about what privilege level is needed to look at pg_stat_statements info were all made against a background assumption that you needed some extra privilege to set up the view in the first place. I think that would need another look or two before being comfortable that we're not shifting the goal posts too far. The bigger picture here is that I don't want to get push-back that we've broken somebody's security posture by marking too many extensions trusted. So for anything where there's any question about security implications, we should err in the conservative direction of leaving it untrusted. regards, tom lane