Thread: pgsql: Add grantable MAINTAIN privilege and pg_maintain role.

Add grantable MAINTAIN privilege and pg_maintain role.

Allows VACUUM, ANALYZE, REINDEX, REFRESH MATERIALIZED VIEW, CLUSTER,
and LOCK TABLE.

Effectively reverts 4441fc704d. Instead of creating separate
privileges for VACUUM, ANALYZE, and other maintenance commands, group
them together under a single MAINTAIN privilege.

Author: Nathan Bossart
Discussion: https://postgr.es/m/20221212210136.GA449764@nathanxps13
Discussion: https://postgr.es/m/45224.1670476523@sss.pgh.pa.us

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/60684dd834a222fefedd49b19d1f0a6189c1632e

Modified Files
--------------
doc/src/sgml/ddl.sgml                           |  42 ++----
doc/src/sgml/func.sgml                          |   3 +-
doc/src/sgml/ref/alter_default_privileges.sgml  |   4 +-
doc/src/sgml/ref/analyze.sgml                   |   9 +-
doc/src/sgml/ref/cluster.sgml                   |   8 +-
doc/src/sgml/ref/grant.sgml                     |   5 +-
doc/src/sgml/ref/lock.sgml                      |  16 ++-
doc/src/sgml/ref/refresh_materialized_view.sgml |   5 +-
doc/src/sgml/ref/reindex.sgml                   |  13 +-
doc/src/sgml/ref/revoke.sgml                    |   2 +-
doc/src/sgml/ref/vacuum.sgml                    |   9 +-
doc/src/sgml/user-manag.sgml                    |  19 ++-
src/backend/catalog/aclchk.c                    |  35 ++---
src/backend/commands/analyze.c                  |   2 +-
src/backend/commands/cluster.c                  |  18 ++-
src/backend/commands/indexcmds.c                |  36 +++--
src/backend/commands/lockcmds.c                 |   3 +
src/backend/commands/matview.c                  |   3 +-
src/backend/commands/tablecmds.c                |  16 ++-
src/backend/commands/vacuum.c                   |  17 +--
src/backend/parser/gram.y                       |   7 -
src/backend/utils/adt/acl.c                     |  22 +--
src/bin/pg_dump/dumputils.c                     |   3 +-
src/bin/pg_dump/t/002_pg_dump.pl                |   2 +-
src/bin/psql/tab-complete.c                     |   5 +-
src/include/catalog/catversion.h                |   2 +-
src/include/catalog/pg_authid.dat               |   9 +-
src/include/commands/tablecmds.h                |   5 +-
src/include/nodes/parsenodes.h                  |   5 +-
src/include/utils/acl.h                         |   7 +-
src/test/regress/expected/dependency.out        |  20 +--
src/test/regress/expected/privileges.out        | 181 +++++++++++++-----------
src/test/regress/expected/rowsecurity.out       |  32 ++---
src/test/regress/expected/vacuum.out            |   6 -
src/test/regress/sql/dependency.sql             |   2 +-
src/test/regress/sql/privileges.sql             | 121 ++++++++--------
36 files changed, 340 insertions(+), 354 deletions(-)

On 14.12.22 02:35, Jeff Davis wrote:
> Add grantable MAINTAIN privilege and pg_maintain role.
> 
> Allows VACUUM, ANALYZE, REINDEX, REFRESH MATERIALIZED VIEW, CLUSTER,
> and LOCK TABLE.
> 
> Effectively reverts 4441fc704d. Instead of creating separate
> privileges for VACUUM, ANALYZE, and other maintenance commands, group
> them together under a single MAINTAIN privilege.
> 
> Author: Nathan Bossart
> Discussion: https://postgr.es/m/20221212210136.GA449764@nathanxps13
> Discussion: https://postgr.es/m/45224.1670476523@sss.pgh.pa.us

This commit removed RangeVarCallbackOwnsTable(), but there is still a 
mention of it in a comment in src/backend/commands/tablecmds.c.  Maybe 
that mention can simply be removed, or the comment rephrased.

On Sat, 2023-04-15 at 20:47 +0200, Peter Eisentraut wrote:
> This commit removed RangeVarCallbackOwnsTable(), but there is still a
> mention of it in a comment in src/backend/commands/tablecmds.c. 
> Maybe
> that mention can simply be removed, or the comment rephrased.

Thank you, fixed.


--
Jeff Davis
PostgreSQL Contributor Team - AWS