On Wed, Dec 07, 2022 at 02:39:24PM -0800, Nathan Bossart wrote:
> Hi hackers,
>
> While looking into other opportunities for per-table permissions, I noticed
> a weird discrepancy in CLUSTER. When evaluating whether the current user
> has permission to CLUSTER a table, we ordinarily just check for ownership.
> However, the database owner is also allowed to CLUSTER all partitions that
> are not shared. This was added in 3f19e17, and I didn't see any discussion
> about it in the corresponding thread [0].
>
> My first instinct is that we should just remove the database ownership
> check, which is what I've done in the attached patch. I don't see any
> strong reason to complicate matters with special
> database-owner-but-not-shared checks like other commands (e.g., VACUUM).
> But perhaps we should do so just for consistency's sake. Thoughts?
Your patch makes it inconsistent with vacuum full, which is strange
because vacuum full calls cluster.
postgres=> VACUUM FULL t;
VACUUM
postgres=> CLUSTER t;
ERROR: must be owner of table t
BTW, it'd be helpful to copy the relevant parties on this kind of
message, especially if there's a new thread dedicated just to this.
--
Justin
