Thread
Commits
-
Doc: document permissions required for ANALYZE.
- ed6df2e0e39c 11.6 landed
- e94cd0a8eb83 13.0 landed
- bae875d694d6 9.5.20 landed
- b7c1c33d901c 9.4.25 landed
- b3670f48d8bc 10.11 landed
- a1008caf0ac6 12.0 landed
- 5ce3b5552053 9.6.16 landed
-
Documentation clarification re: ANALYZE
Isaac Morland <isaac.morland@gmail.com> — 2019-08-07T21:14:04Z
I'm looking at https://www.postgresql.org/docs/current/sql-analyze.html, where it says “Without a table_and_columns list, ANALYZE processes every table and materialized view in the current database that the current user has permission to analyze.”. I don’t believe there is a separate “analyze” permission, so which tables is this? Tables owned by the user? Ones where it can insert/update/delete? Ones where it can select? If somebody can tell me, I'll make it a weekend project to propose a specific update to the documentation to make this more clear. Or maybe there should just be a cross-reference to another existing part of the documentation that explains more about this.
-
Re: Documentation clarification re: ANALYZE
David G. Johnston <david.g.johnston@gmail.com> — 2019-08-07T21:31:45Z
On Wed, Aug 7, 2019 at 2:14 PM Isaac Morland <isaac.morland@gmail.com> wrote: > I'm looking at https://www.postgresql.org/docs/current/sql-analyze.html, > where it says “Without a table_and_columns list, ANALYZE processes every > table and materialized view in the current database that the current user > has permission to analyze.”. > > I don’t believe there is a separate “analyze” permission, so which tables > is this? Tables owned by the user? Ones where it can insert/update/delete? > Ones where it can select? > Owners only - at least in previous releases. I don't recall whether the addition of new roles to cover subsets of administrative privileges ever was extended to cover vacuum/analyze but I do not think it has. David J.
-
Re: Documentation clarification re: ANALYZE
Isaac Morland <isaac.morland@gmail.com> — 2019-08-07T21:42:23Z
On Wed, 7 Aug 2019 at 17:31, David G. Johnston <david.g.johnston@gmail.com> wrote: > On Wed, Aug 7, 2019 at 2:14 PM Isaac Morland <isaac.morland@gmail.com> > wrote: > >> I'm looking at https://www.postgresql.org/docs/current/sql-analyze.html, >> where it says “Without a table_and_columns list, ANALYZE processes every >> table and materialized view in the current database that the current user >> has permission to analyze.”. >> >> I don’t believe there is a separate “analyze” permission, so which tables >> is this? Tables owned by the user? Ones where it can insert/update/delete? >> Ones where it can select? >> > > Owners only - at least in previous releases. I don't recall whether the > addition of new roles to cover subsets of administrative privileges ever > was extended to cover vacuum/analyze but I do not think it has. > Thanks. So presumably I would also have permission if I have SET ROLEd to the owner, or to a role which is an INHERIT member of the owner.
-
Re: Documentation clarification re: ANALYZE
Tom Lane <tgl@sss.pgh.pa.us> — 2019-08-07T21:54:14Z
"David G. Johnston" <david.g.johnston@gmail.com> writes: > On Wed, Aug 7, 2019 at 2:14 PM Isaac Morland <isaac.morland@gmail.com> > wrote: >> I'm looking at https://www.postgresql.org/docs/current/sql-analyze.html, >> where it says “Without a table_and_columns list, ANALYZE processes every >> table and materialized view in the current database that the current user >> has permission to analyze.”. >> I don’t believe there is a separate “analyze” permission, so which tables >> is this? Tables owned by the user? Ones where it can insert/update/delete? >> Ones where it can select? > Owners only - at least in previous releases. I don't recall whether the > addition of new roles to cover subsets of administrative privileges ever > was extended to cover vacuum/analyze but I do not think it has. Actually, looking in the source code finds * We allow the user to vacuum or analyze a table if he is superuser, the * table owner, or the database owner (but in the latter case, only if * it's not a shared relation). It's definitely a documentation omission that this isn't spelled out in the ANALYZE reference page (VACUUM's page does have text about it). regards, tom lane -
Re: Documentation clarification re: ANALYZE
David G. Johnston <david.g.johnston@gmail.com> — 2019-08-07T22:01:31Z
On Wed, Aug 7, 2019 at 2:42 PM Isaac Morland <isaac.morland@gmail.com> wrote: > Thanks. So presumably I would also have permission if I have SET ROLEd to > the owner, or to a role which is an INHERIT member of the owner. > Yes, the table ownership role check walks up the role membership hierarchy if "inherit" is on for the current role. David J.
-
Re: Documentation clarification re: ANALYZE
Michael Paquier <michael@paquier.xyz> — 2019-08-08T09:22:31Z
On Wed, Aug 07, 2019 at 05:54:14PM -0400, Tom Lane wrote: > Actually, looking in the source code finds > > * We allow the user to vacuum or analyze a table if he is superuser, the > * table owner, or the database owner (but in the latter case, only if > * it's not a shared relation). > > It's definitely a documentation omission that this isn't spelled out in > the ANALYZE reference page (VACUUM's page does have text about it). As far as I recall we have been doing that for ages, so +1 for the documentation fix you have just done. -- Michael