On Mon, Jul 25, 2022 at 9:47 PM Kyotaro Horiguchi <horikyota.ntt@gmail.com> wrote: > One arguable point would be whether we will need to put restriction > the target relations that Bob can vacuum/analyze.
But for a command with a target, you really ought to have a permission on the object, not just a general permission. On the other hand, we do have things like pg_read_all_tables, so we could have pg_vacuum_all_tables too.
I'm still more likely to create a specific security definer function owned by the relevant table owner to give out ANALYZE (and maybe VACUUM) permission to ETL-performing roles.
Still, it seems somewhat appealing to give people fine-grained control over this, rather than just "on" or "off".
Appealing enough to consume a couple of permission bits?
