On Mon, 2021-10-25 at 14:30 -0700, Andres Freund wrote:
> I don't get the reasoning behind the "except ..." logic. What does
> this
> actually protect against? A reasonable use case for this feature is
> is to
> monitor memory usage of all backends, and this restriction practially
> requires
> to still use a security definer function.
Nathan brought it up -- more as a question than a request, so perhaps
it's not necessary. I don't have a strong opinion about it, but I
included it to be conservative (easier to relax a privilege than to
tighten one).
I can cut out the in-function check entirely if there's no objection.
Regards,
Jeff Davis
[1] https://postgr.es/m/33F34F0C-BB16-48DE-B125-95D340A54AE8@amazon.com