On Tue, Dec 13, 2022 at 06:29:56PM -0800, Jeff Davis wrote:
> Right now, if an unprivileged user issues VACUUM/ANALYZE (without
> specifying a table), it will emit messages for each relation that it
> skips, including indexes, views, and other objects that can't be a
> direct target of VACUUM/ANALYZE anyway. Attached patch causes it to
> check the type of object first, and then check privileges second.

This also seems to be the case when a table name is specified:

    postgres=# CREATE TABLE test (a INT);
    CREATE TABLE
    postgres=# CREATE INDEX ON test (a);
    CREATE INDEX
    postgres=# CREATE ROLE myuser;
    CREATE ROLE
    postgres=# SET ROLE myuser;
    SET
    postgres=> VACUUM test_a_idx;
    WARNING:  permission denied to vacuum "test_a_idx", skipping it
    VACUUM

Granted, this likely won't create as much noise as a database-wide VACUUM,
but perhaps we could add a relkind check in expand_vacuum_rel() and swap
the checks in vacuum_rel()/analyze_rel(), too. I don't know if it's worth
the trouble, though.

> Found while reviewing the MAINTAIN privilege patch. Implemented with
> his suggested fix. I intend to commit soon.

LGTM

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com