Provide per-table permissions for vacuum and analyze.
Currently a table can only be vacuumed or analyzed by its owner or
a superuser. This can now be extended to any user by means of an
appropriate GRANT.
Nathan Bossart
Reviewed by: Bharath Rupireddy, Kyotaro Horiguchi, Stephen Frost, Robert
Haas, Mark Dilger, Tom Lane, Corey Huinker, David G. Johnston, Michael
Paquier.
Discussion: https://postgr.es/m/20220722203735.GB3996698@nathanxps13
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/b5d6382496f2b8fc31abd92c2654a9a67aca76c6
Modified Files
--------------
doc/src/sgml/ddl.sgml | 49 ++++++++++++---
doc/src/sgml/func.sgml | 3 +-
doc/src/sgml/ref/alter_default_privileges.sgml | 4 +-
doc/src/sgml/ref/analyze.sgml | 3 +-
doc/src/sgml/ref/grant.sgml | 4 +-
doc/src/sgml/ref/revoke.sgml | 2 +-
doc/src/sgml/ref/vacuum.sgml | 3 +-
src/backend/catalog/aclchk.c | 8 +++
src/backend/commands/analyze.c | 13 ++--
src/backend/commands/vacuum.c | 62 ++++++++++---------
src/backend/parser/gram.y | 7 +++
src/backend/utils/adt/acl.c | 16 +++++
src/bin/pg_dump/dumputils.c | 2 +
src/bin/pg_dump/t/002_pg_dump.pl | 2 +-
src/bin/psql/tab-complete.c | 5 +-
src/include/commands/vacuum.h | 4 +-
src/include/nodes/parsenodes.h | 4 +-
src/include/utils/acl.h | 6 +-
src/test/regress/expected/dependency.out | 22 +++----
src/test/regress/expected/privileges.out | 86 +++++++++++++++++++-------
src/test/regress/expected/rowsecurity.out | 34 +++++-----
src/test/regress/expected/vacuum.out | 6 ++
src/test/regress/sql/dependency.sql | 2 +-
src/test/regress/sql/privileges.sql | 40 ++++++++++++
24 files changed, 274 insertions(+), 113 deletions(-)
