Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Jeff Davis <pgsql@j-davis.com>
Cc: Stephen Frost <sfrost@snowman.net>, "Bossart,
Nathan" <bossartn@amazon.com>, Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2021-10-14T13:11:21Z
Lists: pgsql-hackers
On Wed, Oct 13, 2021 at 7:45 PM Jeff Davis <pgsql@j-davis.com> wrote: > users to be relying on that undocumented function. Is there a good way > to define a view kind of like a SECURITY DEFINER function so that the > superuser would only need to issue a GRANT statement on the view? According to https://www.postgresql.org/docs/current/sql-createview.html it always works like that: "Access to tables referenced in the view is determined by permissions of the view owner. In some cases, this can be used to provide secure but restricted access to the underlying tables." Hmm, unless that rule is only being applied for *tables* and not for *functions*? I guess that could be true, but if so, it sure seems inconsistent. -- Robert Haas EDB: http://www.enterprisedb.com
Commits
-
Grant memory views to pg_read_all_stats.
- 77ea4f94393e 15.0 landed