Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?
Jeff Davis <pgsql@j-davis.com>
From: Jeff Davis <pgsql@j-davis.com>
To: Robert Haas <robertmhaas@gmail.com>, Stephen Frost <sfrost@snowman.net>
Cc: "Bossart, Nathan" <bossartn@amazon.com>, Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2021-10-13T23:45:39Z
Lists: pgsql-hackers
On Wed, 2021-10-13 at 10:03 -0400, Robert Haas wrote: > Yeah. I think we should really only use predefined roles where it's > not practical to have people use GRANT/REVOKE. That sounds like a good rule. A minor complaint though: to grant on pg_backend_memory_contexts, you need two grant statements: grant select on pg_backend_memory_contexts to foo; grant execute on function pg_get_backend_memory_contexts() to foo; The second is more of an internal detail, and we don't really want users to be relying on that undocumented function. Is there a good way to define a view kind of like a SECURITY DEFINER function so that the superuser would only need to issue a GRANT statement on the view? Regards, Jeff Davis
Commits
-
Grant memory views to pg_read_all_stats.
- 77ea4f94393e 15.0 landed