Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1p3LOp-0007ao-GA for pgsql-hackers@arkaria.postgresql.org; Thu, 08 Dec 2022 18:13:35 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1p3LOn-00062X-4t for pgsql-hackers@arkaria.postgresql.org; Thu, 08 Dec 2022 18:13:33 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1p3LOm-000626-QC for pgsql-hackers@lists.postgresql.org; Thu, 08 Dec 2022 18:13:32 +0000 Received: from mail-pl1-x62b.google.com ([2607:f8b0:4864:20::62b]) by magus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1p3LOj-0003t0-D7 for pgsql-hackers@postgresql.org; Thu, 08 Dec 2022 18:13:32 +0000 Received: by mail-pl1-x62b.google.com with SMTP id m4so2297116pls.4 for ; Thu, 08 Dec 2022 10:13:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=jQI+XNw21CnPvGqJs0ZOR/Nr0bXyWW6REQzpUZqnrgk=; b=jqsvJ2UyH5V3s7ASqNYOGV+U2Wog6mmTm8PerN90xNlyNvFF5Plu1Y8pOigJQW6DMc +kPSLhaXQJectun5MOsO7l+OIC0aYSkshL9RpOWZEjxZjb+nRlisoBktrJyXqLHK7Hha AxqFyvjJccvsdVd7U62uXho28McszVgAxdvj3lYm+ONBP4AFHPWb57JD82161IS9vkPD fPw+fui9kXf52MxC6WHBWaspDXEoQLEFXmqANz7PI8WcXydVmmTJoC/6t7pkGVtSvRbG oev3hi2lCgU5f+Z6sH9YIhvn/XGycRugqifgCmtakGva7XMjvnJsFzG68yvhj2c/RCsV j3gg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=jQI+XNw21CnPvGqJs0ZOR/Nr0bXyWW6REQzpUZqnrgk=; b=GUq5nMDyvrlgnrR9El5A9PP84a/0VIt6ZJuqBmlcNBbP/XYYOxWBIfesdciMZiE2Nc 7mJhGeDvCh0WafB+2PzYr45WtJ9CERaqOsxns4yhBfFtXXEh3tiQBGPEcdi5BcK5+gS1 ThxurIv1y/UwB4jFHdZJdf54/twzjcl3j2Ch99HUDm1NYJhQB8rceoLsaFtFDuQp9NcB N5UqEQipG39WkHHmP8EafxPGsxMIVv/WhIbf+c+yl+d/6ExSZNulKvbcpq9ZAl5oRQCq onpm56oJcmcmVbqHFviAlb3vj8jVuFCM3uBt8YKTLEiIfadI7Pcx975rlGeSeYPzwFOc zVhg== X-Gm-Message-State: ANoB5pnWw+g0pq3/1C7oxnIzMdDmZ0B6+bk4FTYnVET73YIzkGa2178z QeO+KeAYGtcPgLxp65Ehpc8= X-Google-Smtp-Source: AA0mqf7JDw7a0cRP986uEt/Xw1ajdmKdE2dwAEXNgNGHsOGwAXEK120thDPJMVk9vsS2BbTuVIsN6Q== X-Received: by 2002:a17:902:d716:b0:189:f0fc:24c2 with SMTP id w22-20020a170902d71600b00189f0fc24c2mr8479175ply.22.1670523206785; Thu, 08 Dec 2022 10:13:26 -0800 (PST) Received: from nathanxps13 ([50.47.162.83]) by smtp.gmail.com with ESMTPSA id f29-20020aa79d9d000000b00576ee69c130sm7960697pfq.4.2022.12.08.10.13.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 08 Dec 2022 10:13:26 -0800 (PST) Date: Thu, 8 Dec 2022 10:13:24 -0800 From: Nathan Bossart To: Andrew Dunstan Cc: Justin Pryzby , pgsql-hackers@postgresql.org Subject: Re: fix and document CLUSTER privileges Message-ID: <20221208181324.GA4385@nathanxps13> References: <20221207223924.GA4182184@nathanxps13> <20221208022559.GA27893@telsasoft.com> <20221208041313.GA216874@nathanxps13> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Thu, Dec 08, 2022 at 07:20:28AM -0500, Andrew Dunstan wrote: > We should probably talk about what the privileges should be, though. I > think there's a case to be made that CLUSTER should be governed by the > VACUUM privileges, given how VACUUM FULL is now implemented. Currently, CLUSTER, REFRESH MATERIALIZED VIEW, and REINDEX (minus REINDEX SCHEMA|DATABASE|SYSTEM) require ownership of the relation or superuser. In fact, all three use the same RangeVarCallbackOwnsTable() callback function. My current thinking is that this is good enough. I don't sense any strong demand for allowing database owners to run these commands on all non-shared relations, and there's ongoing work to break out the privileges to GRANT and predefined roles. However, I don't have a strong opinion about this. If we do want to change the permissions model for CLUSTER, it might make sense to change all three of the aforementioned commands to look more like VACUUM/ANALYZE. -- Nathan Bossart Amazon Web Services: https://aws.amazon.com