Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?

Jeff Davis <pgsql@j-davis.com>

From: Jeff Davis <pgsql@j-davis.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Stephen Frost <sfrost@snowman.net>, Isaac Morland <isaac.morland@gmail.com>, "Bossart, Nathan" <bossartn@amazon.com>, Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2021-10-15T17:26:16Z
Lists: pgsql-hackers
On Fri, 2021-10-15 at 09:08 -0400, Robert Haas wrote:
> I think we'd at least need to check that the view owner has execute
> permission on the function. I'm not sure whether there are any other
> gotchas.

Right, like we do for tables in a view now.

The alternative is not very appealing: that we have to document a lot
of currently-undocumented internal functions like
pg_get_backend_memory_contexts(), pg_lock_status(), etc., so that users
can grant fine-grained permissions.

Regards,
	Jeff Davis





Commits

  1. Grant memory views to pg_read_all_stats.