Postgres Pro
Downloads
Home   >   mailing lists

Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function? - Mailing list pgsql-hackers

From Robert Haas
Subject Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?
Date
Msg-id CA+TgmobPRDTUGbFyyVbmNds7wp3GHAOvZ1udQyBGppjOLJt5yg@mail.gmail.com
Whole thread Raw
In response to Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?  (Jeff Davis <pgsql@j-davis.com>)
Responses Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?  (Isaac Morland <isaac.morland@gmail.com>)
List pgsql-hackers
Tree view 
On Wed, Oct 13, 2021 at 7:45 PM Jeff Davis <pgsql@j-davis.com> wrote:
> users to be relying on that undocumented function. Is there a good way
> to define a view kind of like a SECURITY DEFINER function so that the
> superuser would only need to issue a GRANT statement on the view?

According to https://www.postgresql.org/docs/current/sql-createview.html
it always works like that: "Access to tables referenced in the view is
determined by permissions of the view owner. In some cases, this can
be used to provide secure but restricted access to the underlying
tables."

Hmm, unless that rule is only being applied for *tables* and not for
*functions*? I guess that could be true, but if so, it sure seems
inconsistent.

-- 
Robert Haas
EDB: http://www.enterprisedb.com

pgsql-hackers by date:

Previous
From: Robert Haas
Date:
Subject: Re: pg14 psql broke \d datname.nspname.relname
Next
From: Dagfinn Ilmari Mannsåker
Date:
Subject: Re: [RFC] building postgres with meson