Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?gr

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: "Bossart, Nathan" <bossartn(at)amazon(dot)com>, Bharath Rupireddy <bharath(dot)rupireddyforpostgres(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?gr
Date: 2021-10-13 01:25:49
Message-ID: YWY1nZGAswlNPxhY@paquier.xyz
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Tue, Oct 12, 2021 at 08:33:19PM -0400, Stephen Frost wrote:
> I would think we would do both…. That is- move to using GRANT/REVOKE, and
> then just include a GRANT to pg_read_all_stats.
>
> Or not. I can see the argument that, because it just goes into the log,
> that it doesn’t make sense to grant to a predefined role, since that role
> wouldn’t be able to see the results even if it had access.

I don't think that this is a bad thing to remove the superuser() check
and replace it with a REVOKE FROM PUBLIC in this case, but linking the
logging of memory contexts with pg_read_all_stats does not seem right
to me.
--
Michael

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Michael Paquier 2021-10-13 01:36:08 Re: pg_upgrade test for binary compatibility of core data types
Previous Message Andres Freund 2021-10-13 01:03:04 Re: [RFC] building postgres with meson