Postgres Pro
Downloads
Home   >   mailing lists

Re: add \dpS to psql - Mailing list pgsql-hackers

From Nathan Bossart
Subject Re: add \dpS to psql
Date
Msg-id 20221208171503.GA2113@nathanxps13
Whole thread Raw
In response to Re: add \dpS to psql  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: add \dpS to psql
Re: add \dpS to psql
List pgsql-hackers
Tree view 
On Thu, Dec 08, 2022 at 12:15:23AM -0500, Tom Lane wrote:
> Nathan Bossart <nathandbossart@gmail.com> writes:
>> On Wed, Dec 07, 2022 at 11:48:20PM -0500, Isaac Morland wrote:
>>> My previous analysis
>>> shows that there is no vast hidden demand for new privilege bits. If we
>>> implement MAINTAIN to control access to VACUUM, ANALYZE, REFRESH, CLUSTER,
>>> and REINDEX, we will cover everything that I can find that has seriously
>>> discussed on this list, and still leave 3 unused bits for future expansion.
> 
>> If we added CLUSTER, REFRESH MATERIALIZED VIEW, and REINDEX as individual
>> privilege bits, we'd still have 13 remaining for future use.
> 
> I think the appropriate question is not "have we still got bits left?".
> It should be more like "under what plausible scenario would it be useful
> to grant somebody CLUSTER but not VACUUM privileges on a table?".
> 
> I'm really thinking that MAINTAIN is the right level of granularity
> here.  Or maybe it's worth segregating exclusive-lock from
> not-exclusive-lock maintenance.  But I really fail to see how it's
> useful to distinguish CLUSTER from REINDEX, say.

The main idea behind this work is breaking out privileges into more
granular pieces.  If I want to create a role that only runs VACUUM on some
tables on the weekend, why ѕhould I have to also give it the ability to
ANALYZE, REFRESH, CLUSTER, and REINDEX?  IMHO we should really let the user
decide what set of privileges makes sense for their use-case.  I'm unsure
the grouping all these privileges together serves much purpose besides
preserving ACL bits.

The other reason I'm hesitant to group the privileges together is because I
suspect it will be difficult to reach agreement on how to do so, as
evidenced by past discussion [0].  That being said, I'm open to it if we
find a way that folks are happy with.  For example, separating
exclusive-lock and non-exclusive-lock maintenance actions seems like a
reasonable idea (which perhaps is an argument for moving VACUUM FULL out of
the VACUUM privilege).

[0] https://postgr.es/m/67a1d667e8ec228b5e07f232184c80348c5d93f4.camel%40j-davis.com

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com

pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: Error-safe user functions
Next
From: Nathan Bossart
Date:
Subject: Re: fix and document CLUSTER privileges