Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1p3O8d-0007Ti-Ag for pgsql-hackers@arkaria.postgresql.org; Thu, 08 Dec 2022 21:09:03 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1p3O8b-0007JR-Mw for pgsql-hackers@arkaria.postgresql.org; Thu, 08 Dec 2022 21:09:01 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1p3O8b-0007H5-BE for pgsql-hackers@lists.postgresql.org; Thu, 08 Dec 2022 21:09:01 +0000 Received: from mail-lf1-x136.google.com ([2a00:1450:4864:20::136]) by makus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1p3O8U-000164-EP for pgsql-hackers@postgresql.org; Thu, 08 Dec 2022 21:09:00 +0000 Received: by mail-lf1-x136.google.com with SMTP id cf42so3967117lfb.1 for ; Thu, 08 Dec 2022 13:08:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=uoqC+JNrFHOvFgOlR3VfOIuPsgoiyyqPbGd0ijwLa8M=; b=fr5zuxPTShlv+GWEZ7ZTYSPwulxdXMwgFRt2HNiVjdGJKZCh5IaIViGmOn0158rWwS LB2tBpJQGEXkrFQrWm6oEmz0PuwWphs4g3icU8Lsyw5Xm96h3i4T47YOmkWxpYUfAh2E AgW+LpmXxGwbS3YEpZW7ok2EOOTWdLBaTUnuIxDm5hID9vcbTmUk+AQ9+aQ0xoAN945K 0k+v0SFdeWY3wSjodFYAufqmYsSvNuYJwt30EIqnDq21bgm1r+Mxc0mLUBetGarSE+di T0JygwVmxZhsizLlbqgnyO6sdy8kEtVBTc0M7ZRdTdr3GaWQAnAYsCLd+IbcUO+4OmCX 77TA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=uoqC+JNrFHOvFgOlR3VfOIuPsgoiyyqPbGd0ijwLa8M=; b=KC7BVV5H2dXmiKEyuemv9HQm8t1YLFQAn0wjctUE2xgM6qaPZipM05XWEu9HB3iDIb Bd7ROa9AnaTckmbRXKoFQ9nW2OdV0DVhf0dcHbpurl2UVyi495DxtkJ+xEkyH8zEIn3U 0aBHEdH1h4WK95FXvHzjWRpTwgc/8jAcHHsiKjgg4cSVbJK9IaU4B+ox5mkvyyFMkZKC HGbVHI3TLWeNOzXufijhlqyfstuxB6dJjij5qzuUTzQQe+j6JO3hVBJLu/ylUGPWN6Ae 8onIrl77Lj6Y6I1dbXJ4BHZGNNsLAWCjiCkSMThQCfAfF26Nhvq+2TUQdhsPJEbCZ8kx pkNg== X-Gm-Message-State: ANoB5pmjyrtdJnylK5zoMz8bvw930NOyxsj1c4LcN34fdTbn+Y2eOVMZ CWJKF0tLBlD5Uxfyr+Asq0b06Mo6bHpdx0uOUqw= X-Google-Smtp-Source: AA0mqf6ncNYZNR0WR9Uu47s5Ml+LDFNjqk10ixfobNFhaafqKIFokYI4E7wmIgCiZY9jo+xVjTFsl2gdFmhbe06swfY= X-Received: by 2002:ac2:5e61:0:b0:4a2:48c1:455f with SMTP id a1-20020ac25e61000000b004a248c1455fmr24256937lfr.96.1670533731859; Thu, 08 Dec 2022 13:08:51 -0800 (PST) MIME-Version: 1.0 References: <20221207223924.GA4182184@nathanxps13> <20221208022559.GA27893@telsasoft.com> <20221208041313.GA216874@nathanxps13> <20221208181324.GA4385@nathanxps13> In-Reply-To: <20221208181324.GA4385@nathanxps13> From: Robert Haas Date: Thu, 8 Dec 2022 16:08:40 -0500 Message-ID: Subject: Re: fix and document CLUSTER privileges To: Nathan Bossart Cc: Andrew Dunstan , Justin Pryzby , pgsql-hackers@postgresql.org Content-Type: text/plain; charset="UTF-8" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Thu, Dec 8, 2022 at 1:13 PM Nathan Bossart wrote: > On Thu, Dec 08, 2022 at 07:20:28AM -0500, Andrew Dunstan wrote: > > We should probably talk about what the privileges should be, though. I > > think there's a case to be made that CLUSTER should be governed by the > > VACUUM privileges, given how VACUUM FULL is now implemented. > > Currently, CLUSTER, REFRESH MATERIALIZED VIEW, and REINDEX (minus REINDEX > SCHEMA|DATABASE|SYSTEM) require ownership of the relation or superuser. In > fact, all three use the same RangeVarCallbackOwnsTable() callback function. > My current thinking is that this is good enough. I don't sense any strong > demand for allowing database owners to run these commands on all non-shared > relations, and there's ongoing work to break out the privileges to GRANT > and predefined roles. +1. I don't see why being the database owner should give you the right to run a random subset of commands on any table in the database. Tables have their own system for access privileges; we should use that, or extend it as required. -- Robert Haas EDB: http://www.enterprisedb.com