Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?gr

On Wed, Oct 13, 2021 at 7:48 AM Bossart, Nathan <bossartn(at)amazon(dot)com> wrote:
>
> On 10/12/21, 6:26 PM, "Michael Paquier" <michael(at)paquier(dot)xyz> wrote:
> > On Tue, Oct 12, 2021 at 08:33:19PM -0400, Stephen Frost wrote:
> >> I would think we would do both…. That is- move to using GRANT/REVOKE, and
> >> then just include a GRANT to pg_read_all_stats.
> >>
> >> Or not. I can see the argument that, because it just goes into the log,
> >> that it doesn’t make sense to grant to a predefined role, since that role
> >> wouldn’t be able to see the results even if it had access.
> >
> > I don't think that this is a bad thing to remove the superuser() check
> > and replace it with a REVOKE FROM PUBLIC in this case, but linking the
> > logging of memory contexts with pg_read_all_stats does not seem right
> > to me.
>
> +1

Here comes the v2 patch. Note that I've retained superuser() check in
the pg_log_backend_memory_contexts(). Please review it.

Regards,
Bharath Rupireddy.