From: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
---|---|
To: | pgsql-hackers(at)postgresql(dot)org |
Subject: | fix and document CLUSTER privileges |
Date: | 2022-12-07 22:39:24 |
Message-ID: | 20221207223924.GA4182184@nathanxps13 |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Hi hackers,
While looking into other opportunities for per-table permissions, I noticed
a weird discrepancy in CLUSTER. When evaluating whether the current user
has permission to CLUSTER a table, we ordinarily just check for ownership.
However, the database owner is also allowed to CLUSTER all partitions that
are not shared. This was added in 3f19e17, and I didn't see any discussion
about it in the corresponding thread [0].
My first instinct is that we should just remove the database ownership
check, which is what I've done in the attached patch. I don't see any
strong reason to complicate matters with special
database-owner-but-not-shared checks like other commands (e.g., VACUUM).
But perhaps we should do so just for consistency's sake. Thoughts?
It was also noted elsewhere [1] that the privilege requirements for CLUSTER
are not documented. The attached patch adds such documentation.
[0] https://postgr.es/m/20220411140609.GF26620%40telsasoft.com
[1] https://postgr.es/m/661148f4-c7f1-dec1-2bc8-29f3bd58e242%40postgrespro.ru
--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com
Attachment | Content-Type | Size |
---|---|---|
fix_cluster_privs.patch | text/x-diff | 1.8 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Nathan Bossart | 2022-12-07 22:41:05 | Re: add \dpS to psql |
Previous Message | Tom Lane | 2022-12-07 22:32:21 | Re: Error-safe user functions |