Re: allow granting CLUSTER, REFRESH MATERIALIZED VIEW, and REINDEX

From: Nathan Bossart <nathandbossart(at)gmail(dot)com>
To: Michael Paquier <michael(at)paquier(dot)xyz>
Cc: Jeff Davis <pgsql(at)j-davis(dot)com>, Ted Yu <yuzhihong(at)gmail(dot)com>, Pavel Luzanov <p(dot)luzanov(at)postgrespro(dot)ru>, Justin Pryzby <pryzby(at)telsasoft(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: allow granting CLUSTER, REFRESH MATERIALIZED VIEW, and REINDEX
Date: 2023-06-15 04:10:44
Message-ID: 20230615041044.GA736001@nathanxps13
Lists: pgsql-hackers

On Thu, Jun 15, 2023 at 09:46:33AM +0900, Michael Paquier wrote:
> The result after 0001 is applied is that a couple of
> object_ownercheck() calls that existed before ff9618e are removed from
> some ACL checks in the REINDEX, CLUSTER and VACUUM paths. Is that OK
> for shared relations and shouldn't cluster_is_permitted_for_relation()
> include that? vacuum_is_permitted_for_relation() is consistent on
> this side.

These object_ownercheck() calls were removed because they were redundant,
as owners have all privileges by default. Privileges can be revoked from
the owner, so an extra ownership check would effectively bypass the
relation's ACL in that case. I looked around and didn't see any other
examples of a combined ownership and ACL check like we were doing for
MAINTAIN. The only thing that gives me pause is that the docs call out
ownership as sufficient for some maintenance commands. With these patches,
that's only true as long as no one revokes privileges from the owner. IMO
we should update the docs and leave out the ownership checks since MAINTAIN
is now a grantable privilege like any other. WDYT?

--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com
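
The case described in the message above (an owner whose privilege has been revoked), as an added example that is not part of the original thread. It assumes a PostgreSQL server on which MAINTAIN is a grantable privilege and a superuser session; the role `alice` and table `acl_demo` are hypothetical names.

```sql
-- Added illustration; alice and acl_demo are hypothetical names.
-- Run as a superuser on a server where MAINTAIN is a grantable privilege.
CREATE ROLE alice;
CREATE TABLE acl_demo (id int);
ALTER TABLE acl_demo OWNER TO alice;

-- With no explicit ACL stored, the owner holds every privilege by default.
SELECT has_table_privilege('alice', 'acl_demo', 'MAINTAIN') AS owner_can_maintain;  -- true

-- Revoking from the owner materializes an ACL that lacks MAINTAIN.
REVOKE MAINTAIN ON acl_demo FROM alice;

SELECT relacl FROM pg_class WHERE relname = 'acl_demo';
SELECT has_table_privilege('alice', 'acl_demo', 'MAINTAIN') AS owner_can_maintain;  -- false

-- alice still owns the table, so a combined "owner OR ACL" check would
-- let the next command through and ignore the REVOKE. With an ACL-only
-- check, as the message proposes, it is not permitted for alice.
SET ROLE alice;
VACUUM acl_demo;
RESET ROLE;

-- Ownership still lets the privilege be granted back.
GRANT MAINTAIN ON acl_demo TO alice;
SELECT has_table_privilege('alice', 'acl_demo', 'MAINTAIN') AS owner_can_maintain;  -- true

-- Clean up.
DROP TABLE acl_demo;
DROP ROLE alice;
```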
