| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Bharath Rupireddy <bharath(dot)rupireddyforpostgres(at)gmail(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, "Bossart, Nathan" <bossartn(at)amazon(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?gr |
| Date: | 2021-10-13 07:54:46 |
| Message-ID: | YWaQxthsmqi1YDNn@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Oct 13, 2021 at 11:15:16AM +0530, Bharath Rupireddy wrote:
> IMO, we can just retain the "if (!superuser())" check in the
> pg_log_backend_memory_contexts as is. This would be more meaningful as
> the error "must be superuser to use raw page functions" explicitly
> says that a superuser is allowed. Whereas if we revoke the permissions
> in system_views.sql, then the error we get is not meaningful as the
> error "permission denied for function pg_log_backend_memory_contexts"
> says that permissions denied and the user will have to look at the
> documentation for what permissions this function requires.
I don't really buy this argument with the "superuser" error message.
When removing hardcoded superuser(), we just close the gap by adding
in the documentation that the function execution can be granted
afterwards. And nobody has complained about the difference in error
message AFAIK. That's about extensibility.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2021-10-13 08:00:51 | Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?gr |
| Previous Message | Bharath Rupireddy | 2021-10-13 06:13:39 | Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?gr |