Provide per-table permissions for vacuum and analyze

Enterprise / PostgreSQL - Andrew Dunstan [dunslane.net] - 28 November 2022 17:08 UTC

Currently a table can only be vacuumed or analyzed by its owner or a superuser. This can now be extended to any user by means of an appropriate GRANT.

Nathan Bossart

Reviewed by: Bharath Rupireddy, Kyotaro Horiguchi, Stephen Frost, Robert Haas, Mark Dilger, Tom Lane, Corey Huinker, David G. Johnston, Michael Paquier.

Discussion: https://postgr.es/m/20220722203735.GB3996698@nathanxps13

b5d6382496 Provide per-table permissions for vacuum and analyze.
doc/src/sgml/ddl.sgml | 49 ++++++++++++---
doc/src/sgml/func.sgml | 3 +-
doc/src/sgml/ref/alter_default_privileges.sgml | 4 +-
doc/src/sgml/ref/analyze.sgml | 3 +-
doc/src/sgml/ref/grant.sgml | 4 +-
doc/src/sgml/ref/revoke.sgml | 2 +-
doc/src/sgml/ref/vacuum.sgml | 3 +-
src/backend/catalog/aclchk.c | 8 +++
src/backend/commands/analyze.c | 13 ++--
src/backend/commands/vacuum.c | 62 ++++++++++---------
src/backend/parser/gram.y | 7 +++
src/backend/utils/adt/acl.c | 16 +++++
src/bin/pg_dump/dumputils.c | 2 +
src/bin/pg_dump/t/002_pg_dump.pl | 2 +-
src/bin/psql/tab-complete.c | 5 +-
src/include/commands/vacuum.h | 4 +-
src/include/nodes/parsenodes.h | 4 +-
src/include/utils/acl.h | 6 +-
src/test/regress/expected/dependency.out | 22 +++----
src/test/regress/expected/privileges.out | 86 +++++++++++++++++++-------
src/test/regress/expected/rowsecurity.out | 34 +++++-----
src/test/regress/expected/vacuum.out | 6 ++
src/test/regress/sql/dependency.sql | 2 +-
src/test/regress/sql/privileges.sql | 40 ++++++++++++
24 files changed, 274 insertions(+), 113 deletions(-)

Upstream: git.postgresql.org


  • Share