Home > mailing lists

Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function? - Mailing list pgsql-hackers

From	Robert Haas
Subject	Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?
Date	October 15, 2021 16:08:27
Msg-id	CA+TgmoaoQ3D62ziTvTeNKOu_JOZdfjztO_+q-Zuhg4O1yOz9ew@mail.gmail.com Whole thread Raw
In response to	Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function? (Jeff Davis <pgsql@j-davis.com>)
Responses	Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?
List	pgsql-hackers

Tree view

On Thu, Oct 14, 2021 at 3:02 PM Jeff Davis <pgsql@j-davis.com> wrote:
> How do you feel about at least allowing the functions to execute (and
> if it's SECURITY INVOKER, possibly encountering a permissions failure
> during execution)?

I think we'd at least need to check that the view owner has execute
permission on the function. I'm not sure whether there are any other
gotchas.

> There are of course security implications with any change like that,
> but it seems like a fairly minor one unless I'm missing something. Why
> would an admin give someone the privileges to read a view if it will
> always fail due to lack of execute privilege?

An excellent question.

-- 
Robert Haas
EDB: http://www.enterprisedb.com

pgsql-hackers by date:

From: Aleksander Alekseev
Date: 15 October 2021, 15:24:03
Subject: Re: [PATCH] Proposal for HIDDEN/INVISIBLE column

From: Alexander Pyhalov
Date: 15 October 2021, 16:15:33
Subject: Partial aggregates pushdown

Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function? - Mailing list pgsql-hackers

Previous

Next