From: Peter Eisentraut <peter@eisentraut.org>
Date: Thu, 21 Feb 2019 18:49:27 +0000 (+0100)
Subject: doc: Add security information about pg_stat_activity
X-Git-Tag: REL_12_BETA1~692
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=213eae9b8a8a6b2ce3b0e5f5dc86d4b267096398;p=postgresql

doc: Add security information about pg_stat_activity

Add a basic note that some columns in pg_stat_activity and related
views are not visible to all users.

Discussion: https://www.postgresql.org/message-id/3018acd9-e5d8-1e85-5ed7-47276cd77569%402ndquadrant.com
---

diff --git a/doc/src/sgml/monitoring.sgml b/doc/src/sgml/monitoring.sgml
index 5c1408bdf5..0e73cdcdda 100644
--- a/doc/src/sgml/monitoring.sgml
+++ b/doc/src/sgml/monitoring.sgml
@@ -268,6 +268,18 @@ postgres   27093  0.0  0.0  30096  2752 ?        Ss   11:34   0:00 postgres: ser
    stated above; instead they update continuously throughout the transaction.
   </para>
 
+  <para>
+   Some of the information in the dynamic statistics views shown in <xref
+   linkend="monitoring-stats-dynamic-views-table"/> is security restricted.
+   Ordinary users can only see all the information about their own sessions
+   (sessions belonging to a role that they are a member of).  In rows about
+   other sessions, many columns will be null.  Note, however, that the
+   existence of a session and its general properties such as its sessions user
+   and database are visible to all users.  Superusers and members of the
+   built-in role <literal>pg_read_all_stats</literal> (see also <xref
+   linkend="default-roles"/>) can see all the information about all sessions.
+  </para>
+
   <table id="monitoring-stats-dynamic-views-table">
    <title>Dynamic Statistics Views</title>