From f816ba6a94125c213b9e383db9cd9cdb6230381a Mon Sep 17 00:00:00 2001 From: Atsushi Torikoshi Date: Fri, 21 Aug 2020 09:31:29 +0900 Subject: [PATCH] Restrict the access to pg_backend_memory_contexts to members of the pg_monitor role. --- doc/src/sgml/catalogs.sgml | 1 + src/backend/catalog/system_views.sql | 3 +++ 2 files changed, 4 insertions(+) diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml index 1232b24e74..8a455d36dc 100644 --- a/doc/src/sgml/catalogs.sgml +++ b/doc/src/sgml/catalogs.sgml @@ -9592,6 +9592,7 @@ SCRAM-SHA-256$<iteration count>:&l The view pg_backend_memory_contexts displays all the memory contexts of the server process attached to the current session. + Access is granted to members of the pg_monitor role. pg_backend_memory_contexts contains one row diff --git a/src/backend/catalog/system_views.sql b/src/backend/catalog/system_views.sql index ba5a23ac25..5a3a60ecea 100644 --- a/src/backend/catalog/system_views.sql +++ b/src/backend/catalog/system_views.sql @@ -1482,6 +1482,8 @@ REVOKE EXECUTE ON FUNCTION pg_stat_file(text,boolean) FROM public; REVOKE EXECUTE ON FUNCTION pg_ls_dir(text) FROM public; REVOKE EXECUTE ON FUNCTION pg_ls_dir(text,boolean,boolean) FROM public; +REVOKE EXECUTE ON FUNCTION pg_get_backend_memory_contexts() FROM public; + -- -- We also set up some things as accessible to standard roles. -- @@ -1490,6 +1492,7 @@ GRANT EXECUTE ON FUNCTION pg_ls_waldir() TO pg_monitor; GRANT EXECUTE ON FUNCTION pg_ls_archive_statusdir() TO pg_monitor; GRANT EXECUTE ON FUNCTION pg_ls_tmpdir() TO pg_monitor; GRANT EXECUTE ON FUNCTION pg_ls_tmpdir(oid) TO pg_monitor; +GRANT EXECUTE ON FUNCTION pg_get_backend_memory_contexts() TO pg_monitor; GRANT pg_read_all_settings TO pg_monitor; GRANT pg_read_all_stats TO pg_monitor; -- 2.18.1