From: | "Bossart, Nathan" <bossartn(at)amazon(dot)com> |
---|---|
To: | Bharath Rupireddy <bharath(dot)rupireddyforpostgres(at)gmail(dot)com>, Jeff Davis <pgsql(at)j-davis(dot)com> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function? |
Date: | 2021-10-21 21:45:11 |
Message-ID: | 560492F5-5602-412A-8B7B-C603A0E064D5@amazon.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 10/20/21, 11:44 PM, "Bharath Rupireddy" <bharath(dot)rupireddyforpostgres(at)gmail(dot)com> wrote:
> I would like to confine this thread to allowing non-superusers with a
> predefined role (earlier suggestion was to use pg_read_all_stats) to
> access views pg_backend_memory_contexts and pg_shmem_allocations and
> functions pg_get_backend_memory_contexts and pg_get_shmem_allocations.
> Attaching the previous v2 patch here for further review and thoughts.
I took a look at the new patch. The changes to system_views.sql look
good to me. Let's be sure to update doc/src/sgml/catalogs.sgml as
well.
-SELECT * FROM pg_log_backend_memory_contexts(pg_backend_pid());
+SELECT pg_log_backend_memory_contexts(pg_backend_pid());
nitpick: Do we need to remove the "* FROM" here? This seems like an
unrelated change.
+-- test to check privileges of system views pg_shmem_allocations,
+-- pg_backend_memory_contexts and function pg_log_backend_memory_contexts.
I think the comment needs to be updated to remove the reference to
pg_log_backend_memory_contexts. It doesn't appear to be tested here.
+SELECT name, ident, parent, level, total_bytes >= free_bytes
+ FROM pg_backend_memory_contexts WHERE level = 0; -- permission denied error
+SELECT COUNT(*) >= 0 AS ok FROM pg_shmem_allocations; -- permission denied error
Since we're really just checking the basic permissions, could we just
do the "count(*) >= 0" check for both views?
Nathan
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Geoghegan | 2021-10-21 21:45:36 | Re: Thinking about ANALYZE stats and autovacuum and large non-uniform tables |
Previous Message | Zhihong Yu | 2021-10-21 21:43:38 | Re: Partial aggregates pushdown |