Thread

Commits

  1. Doc: document permissions required for ANALYZE.

  1. Documentation clarification re: ANALYZE

    Isaac Morland <isaac.morland@gmail.com> — 2019-08-07T21:14:04Z

    I'm looking at https://www.postgresql.org/docs/current/sql-analyze.html,
    where it says “Without a table_and_columns list, ANALYZE processes every
    table and materialized view in the current database that the current user
    has permission to analyze.”.
    
    I don’t believe there is a separate “analyze” permission, so which tables
    is this? Tables owned by the user? Ones where it can insert/update/delete?
    Ones where it can select?
    
    If somebody can tell me, I'll make it a weekend project to propose a
    specific update to the documentation to make this more clear. Or maybe
    there should just be a cross-reference to another existing part of the
    documentation that explains more about this.
    
  2. Re: Documentation clarification re: ANALYZE

    David G. Johnston <david.g.johnston@gmail.com> — 2019-08-07T21:31:45Z

    On Wed, Aug 7, 2019 at 2:14 PM Isaac Morland <isaac.morland@gmail.com>
    wrote:
    
    > I'm looking at https://www.postgresql.org/docs/current/sql-analyze.html,
    > where it says “Without a table_and_columns list, ANALYZE processes every
    > table and materialized view in the current database that the current user
    > has permission to analyze.”.
    >
    > I don’t believe there is a separate “analyze” permission, so which tables
    > is this? Tables owned by the user? Ones where it can insert/update/delete?
    > Ones where it can select?
    >
    
    Owners only - at least in previous releases.  I don't recall whether the
    addition of new roles to cover subsets of administrative privileges ever
    was extended to cover vacuum/analyze but I do not think it has.
    
    David J.
    
  3. Re: Documentation clarification re: ANALYZE

    Isaac Morland <isaac.morland@gmail.com> — 2019-08-07T21:42:23Z

    On Wed, 7 Aug 2019 at 17:31, David G. Johnston <david.g.johnston@gmail.com>
    wrote:
    
    > On Wed, Aug 7, 2019 at 2:14 PM Isaac Morland <isaac.morland@gmail.com>
    > wrote:
    >
    >> I'm looking at https://www.postgresql.org/docs/current/sql-analyze.html,
    >> where it says “Without a table_and_columns list, ANALYZE processes every
    >> table and materialized view in the current database that the current user
    >> has permission to analyze.”.
    >>
    >> I don’t believe there is a separate “analyze” permission, so which tables
    >> is this? Tables owned by the user? Ones where it can insert/update/delete?
    >> Ones where it can select?
    >>
    >
    > Owners only - at least in previous releases.  I don't recall whether the
    > addition of new roles to cover subsets of administrative privileges ever
    > was extended to cover vacuum/analyze but I do not think it has.
    >
    
    Thanks. So presumably I would also have permission if I have SET ROLEd to
    the owner, or to a role which is an INHERIT member of the owner.
    
  4. Re: Documentation clarification re: ANALYZE

    Tom Lane <tgl@sss.pgh.pa.us> — 2019-08-07T21:54:14Z

    "David G. Johnston" <david.g.johnston@gmail.com> writes:
    > On Wed, Aug 7, 2019 at 2:14 PM Isaac Morland <isaac.morland@gmail.com>
    > wrote:
    >> I'm looking at https://www.postgresql.org/docs/current/sql-analyze.html,
    >> where it says “Without a table_and_columns list, ANALYZE processes every
    >> table and materialized view in the current database that the current user
    >> has permission to analyze.”.
    >> I don’t believe there is a separate “analyze” permission, so which tables
    >> is this? Tables owned by the user? Ones where it can insert/update/delete?
    >> Ones where it can select?
    
    > Owners only - at least in previous releases.  I don't recall whether the
    > addition of new roles to cover subsets of administrative privileges ever
    > was extended to cover vacuum/analyze but I do not think it has.
    
    Actually, looking in the source code finds
    
         * We allow the user to vacuum or analyze a table if he is superuser, the
         * table owner, or the database owner (but in the latter case, only if
         * it's not a shared relation).
    
    It's definitely a documentation omission that this isn't spelled out in
    the ANALYZE reference page (VACUUM's page does have text about it).
    
    			regards, tom lane
    
    
    
    
  5. Re: Documentation clarification re: ANALYZE

    David G. Johnston <david.g.johnston@gmail.com> — 2019-08-07T22:01:31Z

    On Wed, Aug 7, 2019 at 2:42 PM Isaac Morland <isaac.morland@gmail.com>
    wrote:
    
    > Thanks. So presumably I would also have permission if I have SET ROLEd to
    > the owner, or to a role which is an INHERIT member of the owner.
    >
    
    Yes, the table ownership role check walks up the role membership hierarchy
    if "inherit" is on for the current role.
    
    David J.
    
  6. Re: Documentation clarification re: ANALYZE

    Michael Paquier <michael@paquier.xyz> — 2019-08-08T09:22:31Z

    On Wed, Aug 07, 2019 at 05:54:14PM -0400, Tom Lane wrote:
    > Actually, looking in the source code finds
    > 
    >      * We allow the user to vacuum or analyze a table if he is superuser, the
    >      * table owner, or the database owner (but in the latter case, only if
    >      * it's not a shared relation).
    > 
    > It's definitely a documentation omission that this isn't spelled out in
    > the ANALYZE reference page (VACUUM's page does have text about it).
    
    As far as I recall we have been doing that for ages, so +1 for the
    documentation fix you have just done.
    --
    Michael