| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Mladen Gogala <gogala(dot)mladen(at)gmail(dot)com> |
| Cc: | pgsql-general <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: log_statement GUC parameter |
| Date: | 2021-08-12 20:30:12 |
| Message-ID: | 4105592.1628800212@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Mladen Gogala <gogala(dot)mladen(at)gmail(dot)com> writes:
> Unfortunately, only a superuser can set log_statement='all'; Would it be
> possible to execute set session log_statement='all'; as an ordinary
> user? I am trying to execute it from login.sql, a part of login_hook
> extension which implements on-login triggers in PostgreSQL. I will
> create a procedure with security definer, owned by the role "postgres",
> and grant it to public. That should do the trick. However, it would be
> much nicer if PostgreSQL allowed me to set the parameter as a part of
> the normal session.
If an ordinary user could manipulate that parameter, he could equally
well hide his activities from the system log. Conversely, if the
postmaster log setup is such that not a lot of volume is expected,
then flooding it with extra traffic could create its own set of
problems. Thus, basically all parameters that affect what is logged
are superuser-only, and it'd be a hard sell to weaken that. The
SECURITY DEFINER function approach is your best bet for poking local
exceptions into that policy.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2021-08-12 20:31:17 | Re: log_statement GUC parameter |
| Previous Message | Adrian Klaver | 2021-08-12 20:28:55 | Re: log_statement GUC parameter |