Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?gr - Mailing list pgsql-hackers

On Wed, Oct 13, 2021 at 11:15:16AM +0530, Bharath Rupireddy wrote:
> IMO, we can just retain the "if (!superuser())" check in the
> pg_log_backend_memory_contexts as is. This would be more meaningful as
> the error "must be superuser to use raw page functions" explicitly
> says that a superuser is allowed. Whereas if we revoke the permissions
> in system_views.sql, then the error we get is not meaningful as the
> error "permission denied for function pg_log_backend_memory_contexts"
> says that permissions denied and the user will have to look at the
> documentation for what permissions this function requires.

I don't really buy this argument with the "superuser" error message.
When removing hardcoded superuser(), we just close the gap by adding
in the documentation that the function execution can be granted
afterwards.  And nobody has complained about the difference in error
message AFAIK.  That's about extensibility.
--
Michael

Attachment

pgsql-hackers by date:

Previous
From: Bharath Rupireddy
Date:
Subject: Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?gr
Next
From: Stephen Frost
Date:
Subject: Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?gr