On Thu, Dec 15, 2022 at 10:10:43AM -0800, Jeff Davis wrote:
> The proposal to skip privilege checks for partitions would be
> consistent with INSERT, SELECT, REINDEX that flow through to the
> underlying partitions regardless of permissions/ownership (and even
> RLS). It would be a very minor behavior change on 15 for this weird case
> of superuser-owned partitions, but I doubt anyone would be relying on
> that.

I've attached a work-in-progress patch that aims to accomplish this. Instead of skipping the privilege checks, I added logic to trawl through pg_inherits and pg_class to check whether the user has privileges for the partitioned table or for the main relation of a TOAST table. This means that MAINTAIN on a partitioned table is enough to execute maintenance commands on all the partitions, and MAINTAIN on a main relation is enough to execute maintenance commands on its TOAST table. Also, the maintenance commands that flow through to the partitions or the TOAST table should no longer error due to permissions when the user only has MAINTAIN on the partitioned table or main relation.
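
The catalog walk described in the message above can be approximated from SQL to audit which grant would let a role maintain a given partition or TOAST table. This is an added example, not the attached patch or PostgreSQL source; the relation name `public.measurement_y2022` and the role `maint_role` are placeholders, and it assumes a server on which the MAINTAIN privilege exists.

```sql
-- Added example: model of the lookup described above, not the patch itself.
-- Placeholders (assumptions): relation 'public.measurement_y2022', role 'maint_role'.
WITH RECURSIVE target AS (
    SELECT 'public.measurement_y2022'::regclass::oid AS relid
),
main_rel AS (
    -- If the target is a TOAST table, step to the main relation that owns it
    -- (pg_class.reltoastrelid on the main relation points at the TOAST table).
    SELECT COALESCE(
               (SELECT c.oid FROM pg_class c WHERE c.reltoastrelid = t.relid),
               t.relid) AS relid
    FROM target t
),
chain(relid, depth) AS (
    SELECT relid, 0 FROM main_rel
    UNION ALL
    -- Climb from a partition to its parent partitioned table via pg_inherits.
    SELECT i.inhparent, ch.depth + 1
    FROM chain ch
    JOIN pg_class child ON child.oid = ch.relid AND child.relispartition
    JOIN pg_inherits i ON i.inhrelid = ch.relid
)
SELECT ch.depth,
       ch.relid::regclass AS relation,
       c.relkind,
       pg_get_userbyid(c.relowner) AS owner,
       has_table_privilege('maint_role', ch.relid, 'MAINTAIN') AS has_maintain
FROM chain ch
JOIN pg_class c ON c.oid = ch.relid
ORDER BY ch.depth;
```

Under the behavior proposed in the message, a `true` in `has_maintain` on any row would be enough for the maintenance command to proceed on the target, so a row at depth greater than 0 shows a grant on an ancestor reaching down to the partition.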