Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?gr - Mailing list pgsql-hackers

From Bossart, Nathan
Subject Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?gr
Date
Msg-id B5DBAF9B-D37E-4382-9ADD-28B5A8EC6900@amazon.com
Whole thread Raw
In response to Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?gr  (Michael Paquier <michael@paquier.xyz>)
Responses Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?gr
List pgsql-hackers
On 10/12/21, 6:26 PM, "Michael Paquier" <michael@paquier.xyz> wrote:
> On Tue, Oct 12, 2021 at 08:33:19PM -0400, Stephen Frost wrote:
>> I would think we would do both…. That is- move to using GRANT/REVOKE, and
>> then just include a GRANT to pg_read_all_stats.
>> 
>> Or not. I can see the argument that, because it just goes into the log,
>> that it doesn’t make sense to grant to a predefined role, since that role
>> wouldn’t be able to see the results even if it had access.
>
> I don't think that this is a bad thing to remove the superuser() check
> and replace it with a REVOKE FROM PUBLIC in this case, but linking the
> logging of memory contexts with pg_read_all_stats does not seem right
> to me.

+1

Nathan


pgsql-hackers by date:

Previous
From: Greg Nancarrow
Date:
Subject: Re: Skipping logical replication transactions on subscriber side
Next
From: "Bossart, Nathan"
Date:
Subject: Re: BUG #17220: ALTER INDEX ALTER COLUMN SET (..) with an optionless opclass makes index and table unusable