Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?
Stephen Frost <sfrost@snowman.net>
From: Stephen Frost <sfrost@snowman.net>
To: "Bossart, Nathan" <bossartn@amazon.com>
Cc: Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2021-10-13T00:33:19Z
Lists: pgsql-hackers
Greetings, On Tue, Oct 12, 2021 at 20:26 Bossart, Nathan <bossartn@amazon.com> wrote: > On 10/9/21, 2:12 AM, "Bharath Rupireddy" < > bharath.rupireddyforpostgres@gmail.com> wrote: > > Here's the v1, please review it further. > > Thanks for the patch. > > - /* Only allow superusers to log memory contexts. */ > - if (!superuser()) > + /* > + * Only superusers or members of pg_read_all_stats can log memory > contexts. > + */ > + if (!is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_STATS)) > > I personally think pg_log_backend_memory_contexts() should remain > restricted to superusers since it directly impacts the server log. > However, if we really did want to open it up to others, couldn't we > add GRANT/REVOKE statements in system_functions.sql and remove the > hard-coded superuser check? I think that provides a bit more > flexibility (e.g., permission to execute it can be granted to others > without giving them pg_read_all_stats). I would think we would do both…. That is- move to using GRANT/REVOKE, and then just include a GRANT to pg_read_all_stats. Or not. I can see the argument that, because it just goes into the log, that it doesn’t make sense to grant to a predefined role, since that role wouldn’t be able to see the results even if it had access. Thanks, Stephen >
Commits
-
Grant memory views to pg_read_all_stats.
- 77ea4f94393e 15.0 landed