Re: predefined role(s) for VACUUM and ANALYZE

Andrew Dunstan <andrew@dunslane.net>

From: Andrew Dunstan <andrew@dunslane.net>
To: Nathan Bossart <nathandbossart@gmail.com>
Cc: Corey Huinker <corey.huinker@gmail.com>, Tom Lane <tgl@sss.pgh.pa.us>, Stephen Frost <sfrost@snowman.net>, Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>, "David G. Johnston" <david.g.johnston@gmail.com>, Kyotaro Horiguchi <horikyota.ntt@gmail.com>, Michael Paquier <michael@paquier.xyz>, Robert Haas <robertmhaas@gmail.com>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2022-11-28T17:13:13Z
Lists: pgsql-hackers
On 2022-11-23 We 18:54, Nathan Bossart wrote:
> On Wed, Nov 23, 2022 at 02:56:28PM -0500, Andrew Dunstan wrote:
>> I have committed the first couple of these to get them out of the way.
> Thanks!
>
>> But I think we need a bit of cleanup in the next patch.
>> vacuum_is_relation_owner() looks like it's now rather misnamed. Maybe
>> vacuum_is_permitted_for_relation()? Also I think we need a more thorough
>> reworking of the comments around line 566. And I think we need a more
>> detailed explanation of why the change in vacuum_rel is ok, and if it is
>> OK we should adjust the head comment on the function.
>>
>> In any case I think this comment would be better English with "might"
>> instead of "may":
>>
>> /* user may have the ANALYZE privilege */
> I've attempted to address all your feedback in v13.  Please let me know if
> anything needs further reworking.



Thanks,


pushed.


cheers


andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com




Commits

  1. Provide non-superuser predefined roles for vacuum and analyze

  2. Provide per-table permissions for vacuum and analyze.

  3. Expand AclMode to 64 bits

  4. Simplify WARNING messages from skipped vacuum/analyze on a table

  5. Allow granting SET and ALTER SYSTEM privileges on GUC parameters.

  6. Add String object access hooks