Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?

Поиск
Список
Период
Сортировка
От Jeff Davis
Тема Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?
Дата
Msg-id db12f2c09acbbd3a06aa2eca7503c9c613a7d614.camel@j-davis.com
обсуждение исходный текст
Ответ на Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?  (Robert Haas <robertmhaas@gmail.com>)
Ответы Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?  (Robert Haas <robertmhaas@gmail.com>)
Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?  (Stephen Frost <sfrost@snowman.net>)
Список pgsql-hackers
Дерево обсуждения 
On Wed, 2021-10-13 at 10:03 -0400, Robert Haas wrote:
> Yeah. I think we should really only use predefined roles where it's
> not practical to have people use GRANT/REVOKE.

That sounds like a good rule.

A minor complaint though: to grant on pg_backend_memory_contexts, you
need two grant statements:

   grant select on pg_backend_memory_contexts to foo;
   grant execute on function pg_get_backend_memory_contexts() to foo;

The second is more of an internal detail, and we don't really want
users to be relying on that undocumented function. Is there a good way
to define a view kind of like a SECURITY DEFINER function so that the
superuser would only need to issue a GRANT statement on the view?

Regards,
    Jeff Davis

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Andrew Dunstan
Дата:
Сообщение: Re: [RFC] building postgres with meson
Следующее
От: Kyotaro Horiguchi
Дата:
Сообщение: Re: Allow escape in application_name