Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?

Поиск
Список
Период
Сортировка
От Bossart, Nathan
Тема Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?
Дата
Msg-id 5718CE57-72E4-4D24-BE43-1281B29BF02A@amazon.com
обсуждение исходный текст
Ответ на Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?  (Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>)
Ответы Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?
Список pgsql-hackers
Дерево обсуждения 
On 10/9/21, 2:12 AM, "Bharath Rupireddy" <bharath.rupireddyforpostgres@gmail.com> wrote:
> Here's the v1, please review it further.

Thanks for the patch.

-    /* Only allow superusers to log memory contexts. */
-    if (!superuser())
+    /*
+     * Only superusers or members of pg_read_all_stats can log memory contexts.
+     */
+    if (!is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_STATS))

I personally think pg_log_backend_memory_contexts() should remain
restricted to superusers since it directly impacts the server log.
However, if we really did want to open it up to others, couldn't we
add GRANT/REVOKE statements in system_functions.sql and remove the
hard-coded superuser check?  I think that provides a bit more
flexibility (e.g., permission to execute it can be granted to others
without giving them pg_read_all_stats).

Nathan

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Kyotaro Horiguchi
Дата:
Сообщение: Re: Inconsistency in startup process's MyBackendId and procsignal array registration with ProcSignalInit()
Следующее
От: Vik Fearing
Дата:
Сообщение: Re: BUG #17220: ALTER INDEX ALTER COLUMN SET (..) with an optionless opclass makes index and table unusable