Re: vacuumdb: permission denied for schema "pg_temp_7"
Nathan Bossart <nathandbossart@gmail.com>
From: Nathan Bossart <nathandbossart@gmail.com>
To: Fujii Masao <masao.fujii@oss.nttdata.com>
Cc: Michael Paquier <michael@paquier.xyz>, Christophe Pettus <xof@thebuild.com>, vaibhave postgres <postgresvaibhave@gmail.com>, Tom Lane <tgl@sss.pgh.pa.us>, Noah Misch <noah@leadboat.com>, pgsql-bugs@lists.postgresql.org, vsekar@microsoft.com
Date: 2024-09-24T14:26:21Z
Lists: pgsql-bugs
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
vacuumdb: Schema-qualify operator in catalog query's WHERE clause.
- eba8cc1af8ec 16.5 landed
- d4ade0bafb75 13.17 landed
- ce6f27857bba 14.14 landed
- 8318f2b170d8 18.0 landed
- 6d047c6a9192 15.9 landed
- 5e0431c32a8f 12.21 landed
- 5bd26e652780 17.1 landed
-
reindexdb: Skip reindexing temporary tables and indexes.
- 9410f7cbf4ff 13.17 landed
- 88e1153cb3c6 14.14 landed
- 92cc21d158f3 15.9 landed
- 653ce5b8b79c 16.5 landed
- 77f154681981 17.1 landed
- 20cfec896c6a 18.0 landed
-
vacuumdb: Skip temporary tables in query to build list of relations
- ef57a713580f 12.21 landed
- 9db4598c9c98 13.17 landed
- 60c618216ddb 14.14 landed
- 74eaa0544abf 15.9 landed
- 1ea4d9c001e6 16.5 landed
- 85cb21df673f 17.1 landed
- 1ab67c9dfaad 18.0 landed
-
Use catalog query to discover tables to process in vacuumdb
- e0c2933a767c 12.0 cited
On Tue, Sep 24, 2024 at 11:20:43PM +0900, Fujii Masao wrote: > On 2024/09/24 10:08, Michael Paquier wrote: >> About the permission restrictions depending on the objects listed, the >> filtering query uses currently a list of VALUES in a CTE. Perhaps it >> would be more elegant to switch that to a SELECT with some >> has_schema_privilege() for the cases where OBJFILTER_SCHEMA is >> used? >> >> There permission checks with USAGE and MAINTAIN are broader, so I'd >> choose to add a skip on the temp persistence first and backpatch it >> down to 12 as there is also a performance argument. Then tackle the >> rest by reworking the VALUES part in the CTE. > > Are you suggesting that any objects a user lacks sufficient privileges for > should be silently excluded from vacuuming? This could make vacuumdb appear > successful because no errors occur, but some tables the user intended to > vacuum might be skipped without notice. That seems more problematic to me. Yeah, this is what I mentioned upthread [0]. If the user doesn't specify anything in --table or --schema, then it's probably fine to silently skip objects for which they lack privileges. But if they do explicitly specify a table or schema that they cannot vacuum, then IMHO it'd be better to fail. [0] https://postgr.es/m/Zu3iMzfiGBTbg3iy%40nathan -- nathan