On Thu, Dec 15, 2022 at 10:10:43AM -0800, Jeff Davis wrote:
> On Thu, 2022-12-15 at 12:31 +0300, Pavel Luzanov wrote:
> > I think the approach that Nathan implemented [1] for TOAST tables
> > in the latest version can be used for partitioned tables as well.
> > Skipping the privilege check for partitions while working with
> > a partitioned table. In that case we would get exactly the same
> > behavior
> > as for INSERT, SELECT, etc privileges - the MAINTAIN privilege would
> > work for
> > the whole partitioned table, but not for individual partitions.
>
> There is some weirdness in 15, too:
I gather you mean postgresql v15.1 and master ?
> -- the following commands seem inconsistent to me:
> vacuum p; -- skips p1 with warning
> analyze p; -- skips p1 with warning
> cluster p using p_idx; -- silently skips p1
> reindex table p; -- reindexes p0 and p1 (owned by su)
Clustering on a partitioned table is new in v15, and this behavior is
from 3f19e176ae0 and cfdd03f45e6, which added
get_tables_to_cluster_partitioned(), borrowing from expand_vacuum_rel()
and get_tables_to_cluster().
vacuum initially calls vacuum_is_permitted_for_relation() only for the
partitioned table, and *later* locks the partition and then checks its
permissions, which is when the message is output.
Since v15, cluster calls get_tables_to_cluster_partitioned(), which
silently discards partitions failing ACL.
We could change it to emit a message, which would seem to behave like
vacuum, except that the check is happening earlier, and (unlike vacuum)
partitions skipped later during CLUOPT_RECHECK wouldn't have any message
output.
Or we could change cluster_rel() to output a message when skipping. But
these patches hardly touched that function at all. I suppose we could
change to emit a message during RECHECK (maybe only in master branch).
If need be, that could be controlled by a new CLUOPT_*.
--
Justin
