Mladen Gogala <gogala.mladen@xxxxxxxxx> writes: > Unfortunately, only a superuser can set log_statement='all'; Would it be > possible to execute set session log_statement='all'; as an ordinary > user? I am trying to execute it from login.sql, a part of login_hook > extension which implements on-login triggers in PostgreSQL. I will > create a procedure with security definer, owned by the role "postgres", > and grant it to public. That should do the trick. However, it would be > much nicer if PostgreSQL allowed me to set the parameter as a part of > the normal session. If an ordinary user could manipulate that parameter, he could equally well hide his activities from the system log. Conversely, if the postmaster log setup is such that not a lot of volume is expected, then flooding it with extra traffic could create its own set of problems. Thus, basically all parameters that affect what is logged are superuser-only, and it'd be a hard sell to weaken that. The SECURITY DEFINER function approach is your best bet for poking local exceptions into that policy. regards, tom lane
