Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?gr
Stephen Frost <sfrost@snowman.net>
From: Stephen Frost <sfrost@snowman.net>
To: Michael Paquier <michael@paquier.xyz>
Cc: Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>, "Bossart, Nathan" <bossartn@amazon.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2021-10-13T08:00:51Z
Lists: pgsql-hackers
Greetings, On Wed, Oct 13, 2021 at 03:54 Michael Paquier <michael@paquier.xyz> wrote: > On Wed, Oct 13, 2021 at 11:15:16AM +0530, Bharath Rupireddy wrote: > > IMO, we can just retain the "if (!superuser())" check in the > > pg_log_backend_memory_contexts as is. This would be more meaningful as > > the error "must be superuser to use raw page functions" explicitly > > says that a superuser is allowed. Whereas if we revoke the permissions > > in system_views.sql, then the error we get is not meaningful as the > > error "permission denied for function pg_log_backend_memory_contexts" > > says that permissions denied and the user will have to look at the > > documentation for what permissions this function requires. > > I don't really buy this argument with the "superuser" error message. > When removing hardcoded superuser(), we just close the gap by adding > in the documentation that the function execution can be granted > afterwards. And nobody has complained about the difference in error > message AFAIK. That's about extensibility. Agreed. Thanks, Stephen >
Commits
-
Grant memory views to pg_read_all_stats.
- 77ea4f94393e 15.0 landed