| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | btsugieyuusuke <btsugieyuusuke(at)oss(dot)nttdata(dot)com> |
| Cc: | Pgsql Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: ACL_MAINTAIN, Lack of comment content |
| Date: | 2024-09-30 09:40:29 |
| Message-ID: | F2B578E9-9753-4960-9838-1A41D7995BF9@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On 30 Sep 2024, at 10:29, btsugieyuusuke <btsugieyuusuke(at)oss(dot)nttdata(dot)com> wrote:
>
> Hi hackers,
> I found a flaw in the ACL_MAINTAIN comment.
>
> Commands such as VACUUM are listed as commands that are allowed to be executed by the MAINTAIN privilege.
> However, LOCK TABLE is missing from the comment.
>
>> /*
>> * Check if ACL_MAINTAIN is being checked and, if so, and not already set
>> * as part of the result, then check if the user is a member of the
>> * pg_maintain role, which allows VACUUM, ANALYZE, CLUSTER, REFRESH
>> * MATERIALIZED VIEW, and REINDEX on all relations.
>> */
>
> Therefore, shouldn't LOCK TABLE be added to the comment?
That's correct, for the list to be complete LOCK TABLE should be added as per
the attached.
--
Daniel Gustafsson
| Attachment | Content-Type | Size |
|---|---|---|
| acl_maintain_comment.diff | application/octet-stream | 664 bytes |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrei Lepikhov | 2024-09-30 09:50:40 | Re: allowing extensions to control planner behavior |
| Previous Message | Peter Smith | 2024-09-30 09:25:00 | Re: Conflict Detection and Resolution |