Hi hackers,
While looking into other opportunities for per-table permissions, I noticed
a weird discrepancy in CLUSTER. When evaluating whether the current user
has permission to CLUSTER a table, we ordinarily just check for ownership.
However, the database owner is also allowed to CLUSTER all partitions that
are not shared. This was added in 3f19e17, and I didn't see any discussion
about it in the corresponding thread [0].
My first instinct is that we should just remove the database ownership
check, which is what I've done in the attached patch. I don't see any
strong reason to complicate matters with special
database-owner-but-not-shared checks like other commands (e.g., VACUUM).
But perhaps we should do so just for consistency's sake. Thoughts?
It was also noted elsewhere [1] that the privilege requirements for CLUSTER
are not documented. The attached patch adds such documentation.
[0] https://postgr.es/m/20220411140609.GF26620%40telsasoft.com
[1] https://postgr.es/m/661148f4-c7f1-dec1-2bc8-29f3bd58e242%40postgrespro.ru
--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com
