fix and document CLUSTER privileges

From: Nathan Bossart <nathandbossart(at)gmail(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: fix and document CLUSTER privileges
Date: 2022-12-07 22:39:24
Message-ID: 20221207223924.GA4182184@nathanxps13
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Hi hackers,

While looking into other opportunities for per-table permissions, I noticed
a weird discrepancy in CLUSTER. When evaluating whether the current user
has permission to CLUSTER a table, we ordinarily just check for ownership.
However, the database owner is also allowed to CLUSTER all partitions that
are not shared. This was added in 3f19e17, and I didn't see any discussion
about it in the corresponding thread [0].

My first instinct is that we should just remove the database ownership
check, which is what I've done in the attached patch. I don't see any
strong reason to complicate matters with special
database-owner-but-not-shared checks like other commands (e.g., VACUUM).
But perhaps we should do so just for consistency's sake. Thoughts?

It was also noted elsewhere [1] that the privilege requirements for CLUSTER
are not documented. The attached patch adds such documentation.

[0] https://postgr.es/m/20220411140609.GF26620%40telsasoft.com
[1] https://postgr.es/m/661148f4-c7f1-dec1-2bc8-29f3bd58e242%40postgrespro.ru

--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com

Attachment Content-Type Size
fix_cluster_privs.patch text/x-diff 1.8 KB

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Nathan Bossart 2022-12-07 22:41:05 Re: add \dpS to psql
Previous Message Tom Lane 2022-12-07 22:32:21 Re: Error-safe user functions