Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?gr
Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>
From: Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>
To: "Bossart, Nathan" <bossartn@amazon.com>
Cc: Michael Paquier <michael@paquier.xyz>, Stephen Frost <sfrost@snowman.net>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2021-10-13T06:13:39Z
Lists: pgsql-hackers
Attachments
- v2-0001-change-privileges-of-pg_backend_memory_contexts-a.patch (application/octet-stream) patch v2-0001
On Wed, Oct 13, 2021 at 7:48 AM Bossart, Nathan <bossartn@amazon.com> wrote: > > On 10/12/21, 6:26 PM, "Michael Paquier" <michael@paquier.xyz> wrote: > > On Tue, Oct 12, 2021 at 08:33:19PM -0400, Stephen Frost wrote: > >> I would think we would do both…. That is- move to using GRANT/REVOKE, and > >> then just include a GRANT to pg_read_all_stats. > >> > >> Or not. I can see the argument that, because it just goes into the log, > >> that it doesn’t make sense to grant to a predefined role, since that role > >> wouldn’t be able to see the results even if it had access. > > > > I don't think that this is a bad thing to remove the superuser() check > > and replace it with a REVOKE FROM PUBLIC in this case, but linking the > > logging of memory contexts with pg_read_all_stats does not seem right > > to me. > > +1 Here comes the v2 patch. Note that I've retained superuser() check in the pg_log_backend_memory_contexts(). Please review it. Regards, Bharath Rupireddy.
Commits
-
Grant memory views to pg_read_all_stats.
- 77ea4f94393e 15.0 landed