database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-30 11:03:19 +03:00
Code Activity

GetUserId() changes to has_privs_of_role()

Browse Source 
The pg_stat and pg_signal-related functions have been using GetUserId()
instead of has_privs_of_role() for checking if the current user should
be able to see details in pg_stat_activity or signal other processes,
requiring a user to do 'SET ROLE' for inheirited roles for a permissions
check, unlike other permissions checks.

This patch changes that behavior to, instead, act like most other
permission checks and use has_privs_of_role(), removing the 'SET ROLE'
need.  Documentation and error messages updated accordingly.

Per discussion with Alvaro, Peter, Adam (though not using Adam's patch),
and Robert.

Reviewed by Jeevan Chalke.
This commit is contained in:
Stephen Frost
2015-03-19 15:02:33 -04:00
parent 12968cf408
commit bf03889996
3 changed files with 47 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
doc/src/sgml/func.sgml
View File

@ -16328,9 +16328,9 @@ SELECT set_config('log_statement_stats', 'off', false);
<literal><function>pg_cancel_backend(<parameter>pid</parameter> <type>int</>)</function></literal>
</entry>
<entry><type>boolean</type></entry>
<entry>Cancel a backend's current query. You can execute this against
another backend that has exactly the same role as the user calling the
function. In all other cases, you must be a superuser.
<entry>Cancel a backend's current query. This is also allowed if the
calling role is a member of the role whose backend is being cancelled,
however only superusers can cancel superuser backends.
</entry>
</row>
<row>
@ -16352,10 +16352,9 @@ SELECT set_config('log_statement_stats', 'off', false);
<literal><function>pg_terminate_backend(<parameter>pid</parameter> <type>int</>)</function></literal>
</entry>
<entry><type>boolean</type></entry>
<entry>Terminate a backend. You can execute this against
another backend that has exactly the same role as the user
calling the function. In all other cases, you must be a
superuser.
<entry>Terminate a backend. This is also allowed if the calling role
is a member of the role whose backend is being terminated, however only
superusers can terminate superuser backends.
</entry>
</row>
</tbody>