Greetings,

* Fujii Masao (masao.fu...@gmail.com) wrote:
> On Fri, Feb 17, 2017 at 11:17 PM, Peter Eisentraut
> <peter.eisentr...@2ndquadrant.com> wrote:
> > On 2/13/17 12:07, Fujii Masao wrote:
> >> Anyway IMO that we can expose all the
> >> columns except the sensitive information (i.e., subconninfo field)
> >> in pg_subscription to even non-superusers.
> >
> > You mean with column privileges?
> 
> Yes.
> 
> So there are several approaches...
> 
> 1) Expose all the columns except subconninfo in pg_subscription to
>     non-superusers. In this idea, the tab-completion and psql meta-command
>     for subscription still sees pg_subscription. One good point of
>     this idea is that even non-superusers can see all the useful information
>     about subscriptions other than sensitive information like conninfo.
> 
> 2) Change pg_stat_subscription so that it also shows all the columns except
>     subconninfo in pg_subscription. Also change the tab-completion and
>     psql meta-command for subscription so that they see pg_stat_subscription
>     instead of pg_subscription. One good point is that pg_stat_subscription
>     exposes all the useful information about subscription to even
>     non-superusers. OTOH, pg_subscription and pg_stat_subscription have
>     to have several same columns. This would be redundant and a bit confusing.
> 
> 3) Expose subdbid in pg_stat_subscription. Also change the tab-completion
>     and psql meta-command for subscription so that they see
>     pg_stat_subscription. This change is very simple. But non-superusers
>     cannot see useful information like subslotname because of privilege
>     problem.
> 
> I like #1, but any better approach?

#1 seems alright to me, at least.  We could start using column-level
privs in other places also, as I mentioned up-thread.

I don't particularly like the suggestions to have psql use pg_stat_X
views or to put things into pg_stat_X views which are object definitions
for non-superusers.  If we really don't want to use column-level
privileges then we should have an appropriate view created instead which
provides non-superusers with the non-sensitive object information.

Thanks!

Stephen
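
The two options weighed in this message (column-level privileges as in approach #1, or a dedicated view without the sensitive column), shown side by side as an added example that is not part of the original thread or of the PostgreSQL sources. It uses a constructed stand-in table rather than the real catalog; the names demo_subscription, demo_subscription_info, demo_reader and the subname column are assumptions, and the sample row is constructed.

```sql
-- Added illustration on a constructed stand-in for pg_subscription.
-- subdbid, subslotname and subconninfo are the columns named in the thread;
-- everything else here is hypothetical.
BEGIN;

CREATE ROLE demo_reader NOLOGIN;            -- hypothetical non-superuser

CREATE TABLE demo_subscription (
    subdbid     oid,
    subname     name,
    subslotname name,
    subconninfo text                        -- sensitive: may embed credentials
);
INSERT INTO demo_subscription VALUES        -- constructed sample row
    (16384, 'sub1', 'sub1_slot', 'host=pub.example dbname=app password=constructed');

-- Approach #1: no table-wide SELECT, then grant SELECT column by column,
-- leaving subconninfo out of the list.
REVOKE ALL ON demo_subscription FROM PUBLIC;
GRANT SELECT (subdbid, subname, subslotname)
    ON demo_subscription TO demo_reader;

-- Alternative: a view that omits the sensitive column entirely.
CREATE VIEW demo_subscription_info AS
    SELECT subdbid, subname, subslotname FROM demo_subscription;
GRANT SELECT ON demo_subscription_info TO demo_reader;

-- Audit check: which columns can the role read directly?
SELECT has_column_privilege('demo_reader', 'demo_subscription',
                            'subslotname', 'SELECT') AS can_read_slotname,
       has_column_privilege('demo_reader', 'demo_subscription',
                            'subconninfo', 'SELECT') AS can_read_conninfo;

-- Exercise both paths as the unprivileged role.
SET LOCAL ROLE demo_reader;
SELECT subdbid, subname, subslotname FROM demo_subscription;
SELECT * FROM demo_subscription_info;
-- A "SELECT *" on demo_subscription is rejected for this role, because *
-- expands to include subconninfo; clients must list columns explicitly.

ROLLBACK;                                   -- leave nothing behind
```

With column-level grants, existing queries that name the table keep working as long as they avoid the withheld column, which is why tab-completion and psql meta-commands can keep reading the same relation under approach #1.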
