From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
---|---|
To: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
Cc: | Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>, "John R Pierce *EXTERN*" <pierce(at)hogranch(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Subject: | Re: Only owners can ANALYZE tables...seems overly restrictive |
Date: | 2016-03-24 02:15:41 |
Message-ID: | CAKFQuwaAhVt6audf92Q1VrELfJ+Pz=uDfNb8=1_bqAmyDpnDmA@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Mon, Feb 29, 2016 at 6:31 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
If we had plenty more bits to allow ANALYZE to be independently
GRANT'able, then maybe, but those are a limited resource.
On Mon, Feb 29, 2016 at 10:35 AM, Joshua D. Drake <jd(at)commandprompt(dot)com>
wrote:
3. This can already be handled by GRANT:
* psql -U jd -h localhost;
* create table foo (id text);
* create role jd_role;
* alter table foo owner to jd_role;
* grant jd_role to boo;
* \c jd boo
* analyze foo;
On 02/29/2016 09:09 AM, David G. Johnston wrote:
Given these two things it seems the least difficult solution that doesn't
make things any worse is to make "ANALYZE" grantable. If you were going to
give the user owner permissions anyway then having a less-inclusive
permission cannot hurt.
==================================================================
My last comment sums things up pretty well. I assume someone will insist
that a security definer function is "the officially supported way to do
this", and if the community wants to agree then fine. Otherwise, if you
are going to tell me to give someone ownership of a table so that they can
ANALYZE it then no intermediate solution I propose can be considered
off-limits on security grounds because nothing - relative to the table in
question - is less secure.
Which means that, aside from effort, the main blocking factors here are
code complexity (which I understand) and limited grant "bits" as Stephen
puts it. So I pose the question: do any of the committers consider a grant
bit too valuable to consume on an ANALYZE grant?
If that and/or general code complexity means this will not be added even if
a patch was proposed for 9.7 then I'll move on and institute one of the
hacks that has been proffered. Otherwise I have (more than) half a mind to
find some way to get a patch written.
David J.
From | Date | Subject | |
---|---|---|---|
Next Message | Michael Paquier | 2016-03-24 04:12:00 | Re: PostgreSQL crash with PANIC message |
Previous Message | zh1029 | 2016-03-24 02:06:23 | Re: Doesn't PostgreSQL clean data in data file after delete records form table? |