Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?

Поиск
Список
Период
Сортировка
От Robert Haas
Тема Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?
Дата
Msg-id CA+TgmoaoQ3D62ziTvTeNKOu_JOZdfjztO_+q-Zuhg4O1yOz9ew@mail.gmail.com
обсуждение исходный текст
Ответ на Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?  (Jeff Davis <pgsql@j-davis.com>)
Ответы Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?  (Jeff Davis <pgsql@j-davis.com>)
Список pgsql-hackers
Дерево обсуждения 
On Thu, Oct 14, 2021 at 3:02 PM Jeff Davis <pgsql@j-davis.com> wrote:
> How do you feel about at least allowing the functions to execute (and
> if it's SECURITY INVOKER, possibly encountering a permissions failure
> during execution)?

I think we'd at least need to check that the view owner has execute
permission on the function. I'm not sure whether there are any other
gotchas.

> There are of course security implications with any change like that,
> but it seems like a fairly minor one unless I'm missing something. Why
> would an admin give someone the privileges to read a view if it will
> always fail due to lack of execute privilege?

An excellent question.

-- 
Robert Haas
EDB: http://www.enterprisedb.com

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Aleksander Alekseev
Дата:
Сообщение: Re: [PATCH] Proposal for HIDDEN/INVISIBLE column
Следующее
От: Alexander Pyhalov
Дата:
Сообщение: Partial aggregates pushdown