Re: predefined role(s) for VACUUM and ANALYZE

On Mon, Sep 05, 2022 at 11:56:30AM -0700, Nathan Bossart wrote:
> Here is a first attempt at allowing users to grant VACUUM or ANALYZE
> per-relation. Overall, this seems pretty straightforward. I needed to
> adjust the permissions logic for VACUUM/ANALYZE a bit, which causes some
> extra WARNING messages for VACUUM (ANALYZE) in some cases, but this didn't
> seem particularly worrisome. It may be desirable to allow granting ANALYZE
> on specific columns or to allow granting VACUUM/ANALYZE at the schema or
> database level, but that is left as a future exercise.

Here is a new patch set with some follow-up patches to implement $SUBJECT.
0001 is the same as v3. 0002 simplifies some WARNING messages as suggested
upthread [0]. 0003 adds the new pg_vacuum_all_tables and
pg_analyze_all_tables predefined roles. Instead of adjusting the
permissions logic in vacuum.c, I modified pg_class_aclmask_ext() to return
the ACL_VACUUM and/or ACL_ANALYZE bits as appropriate.

[0] https://postgr.es/m/20220726.104712.912995710251150228.horikyota.ntt%40gmail.com

--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com