Re: pgsql: Fix search_path to a safe value during maintenance operations.
David G. Johnston <david.g.johnston@gmail.com>
From: "David G. Johnston" <david.g.johnston@gmail.com>
To: Jeff Davis <pgsql@j-davis.com>
Cc: Noah Misch <noah@leadboat.com>, Tom Lane <tgl@sss.pgh.pa.us>, Jeff Davis <jdavis@postgresql.org>, "pgsql-committers@lists.postgresql.org"
<pgsql-committers@lists.postgresql.org>, Laurenz Albe <laurenz.albe@cybertec.at>
Date: 2023-06-13T21:00:32Z
Lists: pgsql-hackers
On Tue, Jun 13, 2023 at 1:55 PM Jeff Davis <pgsql@j-davis.com> wrote: > Perhaps the objections in that thread were because the proposal > involved inferring the privilege to ANALYZE from other privileges, > rather than having an explicit MAINTAIN privilege? > > That is true; but it seems worth being explicit whether we expect the user to only be able to run "ANALYZE" using defaults (like auto-analyze would do) or if this additional capability is assumed to be part of the grant. I do imagine you'd want to be able to set the statistic target in order to do vacuum --analyze-in-stages with a non-superuser. David J.
Commits
-
Fix search_path to a safe value during maintenance operations.
- 2af07e2f749a 17.0 landed
- 05e173735171 16.0 cited
-
Revert MAINTAIN privilege and pg_maintain predefined role.
- 957445996fda 16.0 landed
- 151c22deee66 17.0 landed
-
Add grantable MAINTAIN privilege and pg_maintain role.
- 60684dd834a2 16.0 cited
-
Revoke PUBLIC CREATE from public schema, now owned by pg_database_owner.
- b073c3ccd06e 15.0 cited