| From: | Justin Pryzby <pryzby(at)telsasoft(dot)com> |
|---|---|
| To: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: fix and document CLUSTER privileges |
| Date: | 2022-12-08 02:25:59 |
| Message-ID: | 20221208022559.GA27893@telsasoft.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Dec 07, 2022 at 02:39:24PM -0800, Nathan Bossart wrote:
> Hi hackers,
>
> While looking into other opportunities for per-table permissions, I noticed
> a weird discrepancy in CLUSTER. When evaluating whether the current user
> has permission to CLUSTER a table, we ordinarily just check for ownership.
> However, the database owner is also allowed to CLUSTER all partitions that
> are not shared. This was added in 3f19e17, and I didn't see any discussion
> about it in the corresponding thread [0].
>
> My first instinct is that we should just remove the database ownership
> check, which is what I've done in the attached patch. I don't see any
> strong reason to complicate matters with special
> database-owner-but-not-shared checks like other commands (e.g., VACUUM).
> But perhaps we should do so just for consistency's sake. Thoughts?
Your patch makes it inconsistent with vacuum full, which is strange
because vacuum full calls cluster.
postgres=> VACUUM FULL t;
VACUUM
postgres=> CLUSTER t;
ERROR: must be owner of table t
BTW, it'd be helpful to copy the relevant parties on this kind of
message, especially if there's a new thread dedicated just to this.
--
Justin
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Smith | 2022-12-08 02:30:16 | Re: [DOCS] Stats views and functions not in order? |
| Previous Message | Tom Lane | 2022-12-08 00:03:00 | Re: [PATCH] pg_dump: lock tables in batches |