Re: Only owners can ANALYZE tables...seems overly restrictive - Mailing list pgsql-general

From David G. Johnston
Subject Re: Only owners can ANALYZE tables...seems overly restrictive
Date
Msg-id CAKFQuwaAhVt6audf92Q1VrELfJ+Pz=uDfNb8=1_bqAmyDpnDmA@mail.gmail.com
Whole thread Raw
In response to Re: Only owners can ANALYZE tables...seems overly restrictive  ("David G. Johnston" <david.g.johnston@gmail.com>)
Responses Re: Only owners can ANALYZE tables...seems overly restrictive
List pgsql-general
On Mon, Feb 29, 2016 at 6:31 AM, Stephen Frost <sfrost@snowman.net> wrote:
If we had plenty more bits to allow ANALYZE to be independently
GRANT'able, then maybe, but those are a limited resource.

On Mon, Feb 29, 2016 at 10:35 AM, Joshua D. Drake <jd@commandprompt.com> wrote:
​3. This can already be handled by GRANT:

* psql -U jd -h localhost;
* create table foo (id text);
* create role jd_role;
* alter table foo owner to jd_role;
* grant jd_role to boo;
* \c jd boo
* analyze foo;

On 02/29/2016 09:09 AM, David G. Johnston wrote:
Given these two things it seems the least difficult solution that doesn't make things any worse is to make "ANALYZE" grantable.  If you were going to give the user owner permissions anyway then having a less-inclusive permission cannot hurt.

==================================================================

My last comment sums things up pretty well.  I assume someone will insist that a security definer function is "the officially supported way to do this", and if the community wants to agree then fine.  Otherwise, if you are going to tell me to give someone ownership of a table so that they can ANALYZE it then no intermediate solution I propose can be considered off-limits on security grounds because nothing - relative to the table in question - is less secure.

Which means that, aside from effort, the main blocking factors here are code complexity (which I understand) and limited grant "bits" as Stephen puts it.  So I pose the question: do any of the committers consider a grant bit too valuable to consume on an ANALYZE grant?

If that and/or general code complexity means this will not be added even if a patch was proposed for 9.7 then I'll move on and institute one of the hacks that has been proffered.  Otherwise I have (more than) half a mind to find some way to get a patch written.

David J.

pgsql-general by date:

Previous
From: zh1029
Date:
Subject: Re: Doesn't PostgreSQL clean data in data file after delete records form table?
Next
From: Michael Paquier
Date:
Subject: Re: PostgreSQL crash with PANIC message