| From: | "Bossart, Nathan" <bossartn(at)amazon(dot)com> |
|---|---|
| To: | Bharath Rupireddy <bharath(dot)rupireddyforpostgres(at)gmail(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function? |
| Date: | 2021-10-08 17:11:12 |
| Message-ID: | 38D8DD3D-55A0-4390-B2D6-0555143F45D9@amazon.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 10/8/21, 12:01 AM, "Bharath Rupireddy" <bharath(dot)rupireddyforpostgres(at)gmail(dot)com> wrote:
> I think we can remove the below revoke statements from
> system_views.sql and place the checks shown at (2) in the underlying
> functions pg_get_shmem_allocations, pg_get_backend_memory_contexts,
> also in pg_log_backend_memory_contexts.
>
> REVOKE ALL ON pg_shmem_allocations FROM PUBLIC;
> REVOKE EXECUTE ON FUNCTION pg_get_shmem_allocations() FROM PUBLIC;
> REVOKE ALL ON pg_backend_memory_contexts FROM PUBLIC;
> REVOKE EXECUTE ON FUNCTION pg_get_backend_memory_contexts() FROM PUBLIC;
>
> Thoughts?
This approach would add a restriction that a role must have SUPERUSER
or be a member of pg_monitor to use the views/functions. I think
there is value in allowing any role to use them (if granted the proper
privileges). In any case, users may already depend on being able to
do that.
Instead, I think we should just grant privileges to pg_monitor. I've
attached a (basically untested) patch to demonstrate what I'm
thinking.
Nathan
| Attachment | Content-Type | Size |
|---|---|---|
| monitor.patch | application/octet-stream | 945 bytes |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Matthias van de Meent | 2021-10-08 17:17:39 | Re: RFC: compression dictionaries for JSONB |
| Previous Message | Mikael Kjellström | 2021-10-08 16:55:02 | Re: Time to upgrade buildfarm coverage for some EOL'd OSes? |