Hi Alvaro,
Alvaro Herrera wrote:
> Grant Finnemore wrote:
>
>> Well, pg_stat_activity isn't really the problem here, because as you
>> point out, it's just a view, and I could certainly redefine the view.
>> The limiting factor is that the backend doesn't push the role name
>> changes to the stats subsystem for either SET ROLE or SET SESSION
>> AUTH.
>
> Keep in mind that stats are updated only once every 500 ms, and messages
> have a nontrivial overhead. With your proposed changes, there would be
> a significant performance overhead to running security definer
> functions.
>
> A possible solution to this would be to publish current_user in shared
> memory, so that remote processes could read it from there (similar to
> how current_query is published).
>
Yeah, I was concerned about security definer functions, although I
hadn't yet got round to benchmarking the effects.
If there is some consensus that from a user perspective this is a
reasonable enhancement, I'll pursue the changes using your suggestion of
the current_query approach.
Regards,
Grant