Re: fix and document CLUSTER privileges - Mailing list pgsql-hackers

From Nathan Bossart
Subject Re: fix and document CLUSTER privileges
Date
Msg-id 20221214173435.GA690225@nathanxps13
Whole thread Raw
In response to Re: fix and document CLUSTER privileges  (Robert Haas <robertmhaas@gmail.com>)
Responses Re: fix and document CLUSTER privileges
List pgsql-hackers
On Thu, Dec 08, 2022 at 04:08:40PM -0500, Robert Haas wrote:
> On Thu, Dec 8, 2022 at 1:13 PM Nathan Bossart <nathandbossart@gmail.com> wrote:
>> Currently, CLUSTER, REFRESH MATERIALIZED VIEW, and REINDEX (minus REINDEX
>> SCHEMA|DATABASE|SYSTEM) require ownership of the relation or superuser.  In
>> fact, all three use the same RangeVarCallbackOwnsTable() callback function.
>> My current thinking is that this is good enough.  I don't sense any strong
>> demand for allowing database owners to run these commands on all non-shared
>> relations, and there's ongoing work to break out the privileges to GRANT
>> and predefined roles.
> 
> +1.
> 
> I don't see why being the database owner should give you the right to
> run a random subset of commands on any table in the database. Tables
> have their own system for access privileges; we should use that, or
> extend it as required.

Here is a rebased version of the patch.

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com

Attachment

pgsql-hackers by date:

Previous
From: Robert Haas
Date:
Subject: Re: Amcheck verification of GiST and GIN
Next
From: Andres Freund
Date:
Subject: Re: Minimal logical decoding on standbys