Re: predefined role(s) for VACUUM and ANALYZE

From: Nathan Bossart <nathandbossart(at)gmail(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com>, Bharath Rupireddy <bharath(dot)rupireddyforpostgres(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: predefined role(s) for VACUUM and ANALYZE
Date: 2022-09-06 17:47:49
Message-ID: 20220906174749.GA2080137@nathanxps13
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On Mon, Sep 05, 2022 at 11:56:30AM -0700, Nathan Bossart wrote:
> Here is a first attempt at allowing users to grant VACUUM or ANALYZE
> per-relation. Overall, this seems pretty straightforward. I needed to
> adjust the permissions logic for VACUUM/ANALYZE a bit, which causes some
> extra WARNING messages for VACUUM (ANALYZE) in some cases, but this didn't
> seem particularly worrisome. It may be desirable to allow granting ANALYZE
> on specific columns or to allow granting VACUUM/ANALYZE at the schema or
> database level, but that is left as a future exercise.

Here is a new patch set with some follow-up patches to implement $SUBJECT.
0001 is the same as v3. 0002 simplifies some WARNING messages as suggested
upthread [0]. 0003 adds the new pg_vacuum_all_tables and
pg_analyze_all_tables predefined roles. Instead of adjusting the
permissions logic in vacuum.c, I modified pg_class_aclmask_ext() to return
the ACL_VACUUM and/or ACL_ANALYZE bits as appropriate.


Nathan Bossart
Amazon Web Services:

Attachment Content-Type Size
v4-0001-Allow-granting-VACUUM-and-ANALYZE-privileges-on-r.patch text/x-diff 39.2 KB
v4-0002-Simplify-WARNING-messages-emitted-when-skipping-v.patch text/x-diff 18.6 KB
v4-0003-Add-pg_vacuum_all_tables-and-pg_analyze_all_table.patch text/x-diff 9.4 KB

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2022-09-06 18:41:23 Re: HOT chain validation in verify_heapam()
Previous Message Robert Haas 2022-09-06 17:37:13 Re: making relfilenodes 56 bits