Re: fix and document CLUSTER privileges

From: Nathan Bossart <nathandbossart(at)gmail(dot)com>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Andrew Dunstan <andrew(at)dunslane(dot)net>, Justin Pryzby <pryzby(at)telsasoft(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: fix and document CLUSTER privileges
Date: 2022-12-14 17:34:35
Message-ID: 20221214173435.GA690225@nathanxps13
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On Thu, Dec 08, 2022 at 04:08:40PM -0500, Robert Haas wrote:
> On Thu, Dec 8, 2022 at 1:13 PM Nathan Bossart <nathandbossart(at)gmail(dot)com> wrote:
>> SCHEMA|DATABASE|SYSTEM) require ownership of the relation or superuser. In
>> fact, all three use the same RangeVarCallbackOwnsTable() callback function.
>> My current thinking is that this is good enough. I don't sense any strong
>> demand for allowing database owners to run these commands on all non-shared
>> relations, and there's ongoing work to break out the privileges to GRANT
>> and predefined roles.
> +1.
> I don't see why being the database owner should give you the right to
> run a random subset of commands on any table in the database. Tables
> have their own system for access privileges; we should use that, or
> extend it as required.

Here is a rebased version of the patch.

Nathan Bossart
Amazon Web Services:

Attachment Content-Type Size
fix_cluster_privs_v2.patch text/x-diff 2.0 KB

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Andres Freund 2022-12-14 17:35:52 Re: Minimal logical decoding on standbys
Previous Message Robert Haas 2022-12-14 17:25:17 Re: Amcheck verification of GiST and GIN