On 2014-01-21 20:00:51 -0500, Stephen Frost wrote: > * Josh Berkus (j...@agliodbs.com) wrote: > > It would be really nice to be able to GRANT/REVOKE on some of these > > special system views ...
Just define a security definer wrapper function + view, that afair works perfectly fine. > Well, we actually *can* issue grant/revoke against the underlying > function calls, but we are also doing permissions checks *in* those > functions, ignoring our own GRANT system. > Don't know what folks think of removing those in-the-function checks in > favor of trusting the grant/revoke system to not allow those functions > to be called unless you have EXECUTE privileges on them.. Well, they *do* return some information when called without superuser privileges. Just not all columns for all sessions. I don't think you can achieve that with anything in our permission system. Greetings, Andres Freund -- Andres Freund http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
