Home > mailing lists

Re: SuperUser check in pg_stat_statements - Mailing list pgsql-hackers

From	Feike Steenbergen
Subject	Re: SuperUser check in pg_stat_statements
Date	October 20, 2015 12:24:50
Msg-id	CAK_s-G0_vBtR=Safrja10d1oWo-cSsQiBRoVJYQOQUoJNQCHYg@mail.gmail.com Whole thread Raw
In response to	Re: SuperUser check in pg_stat_statements (rajan <vgmonnet@gmail.com>)
List	pgsql-hackers

Tree view

You can create a Security Definer Funtion which can then be executed by then non-superuser monitoring role:

(Assuming you have a role monitoring and pg_stat_statements is installed in schema public)

-- connected as a superuser
CREATE FUNCTION pg_stat_statements()
RETURNS SETOF pg_stat_statements
LANGUAGE SQL
SET search_path='public'
SECURITY DEFINER
AS
$BODY$
SELECT *
FROM pg_stat_statements;
$BODY$;

REVOKE ALL ON FUNCTION pg_stat_statements() FROM public;
GRANT EXECUTE ON FUNCTION pg_stat_statements() TO monitoring;

-- connected as monitoring
SELECT * FROM pg_stat_statements();

pgsql-hackers by date:

From: "Syed, Rahila"
Date: 20 October 2015, 12:03:00
Subject: Re: [PROPOSAL] VACUUM Progress Checker.

From: David Rowley
Date: 20 October 2015, 13:23:24
Subject: Re: Parallel Aggregate

Re: SuperUser check in pg_stat_statements - Mailing list pgsql-hackers

Previous

Next