On Tue, Jan 28, 2014 at 11:56 AM, Josh Berkus <j...@agliodbs.com> wrote: > Really the only way we're going to solve this is to make column > permissions on special system views fully configurable. > > For example, I would really like to GRANT an unpriv user access to the > WAL columns in pg_stat_replication so that I can monitor replication > delay without granting superuser permissions.
So you can do this now by defining a security definer function that extracts precisely the information you need and grant execute access to precisely the users you want. There was some concern upthread about defining security definer functions being tricky but I'm not sure what conclusion to draw from that argument. Even if we had column level privileges this would still be necessary in many cases and might be preferable to keep things consistent. For example, you might not want the monitor account to have access to sql_query but be able to check for backends running specific queries (perhaps vacuum or ddl or a known problematic query). -- greg -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
