Re: [GENERAL] Privilege for seeing queries using pg_stat_get_backend_activity
On Thu, Jan 19, 2006 at 09:17:12AM -0800, Marc Munro wrote: > I've tried tricks with security definer functions but this does not help > as pg_stat_get_backend_activity explicitly checks for the caller being a > superuser. Works here. Could you post an example? -- Michael Fuhr ---(end of broadcast)--- TIP 6: explain analyze is your friend
Re: [GENERAL] Privilege for seeing queries using pg_stat_get_backend_activity
Marc Munro <[EMAIL PROTECTED]> writes: > I want certain users to be able to examine running queries using > pg_stat_get_backend_activity. Unfortunately, this will only show other > users' activity if you have superuser privilege. > I do not want to give monitoring users superuser privilege, but I do > need to allow them to perform monitoring tasks. > I've tried tricks with security definer functions but this does not help > as pg_stat_get_backend_activity explicitly checks for the caller being a > superuser. That should work fine, as the test is on the current effective userid which will change inside a security-definer function. Take a closer look at what you did, or post a complete example if you can't get it to work. regards, tom lane ---(end of broadcast)--- TIP 1: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
[GENERAL] Privilege for seeing queries using pg_stat_get_backend_activity
I want certain users to be able to examine running queries using pg_stat_get_backend_activity. Unfortunately, this will only show other users' activity if you have superuser privilege. I do not want to give monitoring users superuser privilege, but I do need to allow them to perform monitoring tasks. I've tried tricks with security definer functions but this does not help as pg_stat_get_backend_activity explicitly checks for the caller being a superuser. Aside from implementing my own version of pg_stat_get_backend_activity in C, does anyone have any suggestions? Should there be a standard privilege that allows this (please say yes)? __ Marc signature.asc Description: This is a digitally signed message part