Hi
Regarding the visibility of query information, the description for
"track_activities" [1] says:
> Note that even when enabled, this information is not visible to all users,
> only to superusers and the user owning the session being reported on, so it
> should not represent a security risk.
[1]
https://www.postgresql.org/docs/current/runtime-config-statistics.html#GUC-TRACK-ACTIVITIES
It seems reasonable to mention here that the information is also visible to
members of "pg_read_all_stats", similar to what is done in the
pg_stat_statements
docs [2].
[2]
https://www.postgresql.org/docs/current/pgstatstatements.html#PGSTATSTATEMENTS-COLUMNS
Suggested wording:
> Note that even when enabled, this information is only visible to superusers,
> members of the <literal>pg_read_all_stats</literal> role and the user owning
> the session being reported on, so it should not represent a security risk.
Patch (for HEAD) with suggested wording attached; the change should
IMO be applied
all the way back to v10 (though as-is the patch only applies to HEAD,
can provide
others if needed).
Regards
Ian Barwick
--
EnterpriseDB: https://www.enterprisedb.com
diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
index 8cefe7045b..81bcc588ed 100644
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -7916,10 +7916,10 @@ COPY postgres_log FROM '/full/path/to/logfile.csv' WITH csv;
Enables the collection of information on the currently
executing command of each session, along with its identifier and the
time when that command began execution. This parameter is on by
- default. Note that even when enabled, this information is not
- visible to all users, only to superusers and the user owning
- the session being reported on, so it should not represent a
- security risk.
+ default. Note that even when enabled, this information is only
+ visible to superusers, members of the <literal>pg_read_all_stats</literal>
+ role and the user owning the session being reported on, so it should not
+ represent a security risk.
Only superusers and users with the appropriate <literal>SET</literal>
privilege can change this setting.
</para>
