Remove superuser checks in pgstattuple

Now that we track initial privileges on extension objects and changes to those permissions, we can drop the superuser() checks from the various functions which are part of the pgstattuple extension and rely on the GRANT system to control access to those functions. Since a pg_upgrade will preserve the version of the extension which existed prior to the upgrade, we can't simply modify the existing functions but instead need to create new functions which remove the checks and update the SQL-level functions to use the new functions (and to REVOKE EXECUTE rights on those functions from PUBLIC). Thanks to Tom and Andres for adding support for extensions to follow update paths (see: 40b449a), allowing this patch to be much smaller since no new base version script needed to be included. Approach suggested by Noah. Reviewed by Michael Paquier.
2025-06-20 15:22:23 +03:00 · 2016-09-29 22:13:38 -04:00
parent f2af8dc5ba
commit fd321a1dfd
7 changed files with 315 additions and 15 deletions
--- a/doc/src/sgml/pgstattuple.sgml
+++ b/doc/src/sgml/pgstattuple.sgml
@ -12,6 +12,14 @@
  obtain tuple-level statistics.
 </para>

+ <para>
+  As these functions return detailed page-level information, only the superuser
+  has EXECUTE privileges on them upon installation.  After the functions have
+  been installed, users may issue <command>GRANT</command> commands to change
+  the privileges on the functions to allow non-superusers to execute them.  See
+  the description of the <xref linkend="sql-grant"> command for specifics.
+ </para>
+
 <sect2>
  <title>Functions</title>