Re: allow granting CLUSTER, REFRESH MATERIALIZED VIEW, and REINDEX

On Thu, Dec 15, 2022 at 01:02:39AM +0300, Pavel Luzanov wrote:
> On 14.12.2022 22:46, Jeff Davis wrote:
> > The behavior is that MAINTAIN
> > privileges on the partitioned table does not imply MAINTAIN privileges
> > on the partitions. I believe that's fine and it's consistent with other
> > privileges on partitioned tables, such as SELECT and INSERT.
>
> Sorry, I may have missed something, but here's what I see:
>
> postgres(at)postgres(16.0)=# create table p (id int) partition by list (id);
> postgres(at)postgres(16.0)=# create table p1 partition of p for values in (1);
> postgres(at)postgres(16.0)=# create table p2 partition of p for values in (2);
>
> postgres(at)postgres(16.0)=# grant select, insert, maintain on p to alice ;
>
> postgres(at)postgres(16.0)=# \c - alice
> You are now connected to database "postgres" as user "alice".
>
> alice(at)postgres(16.0)=> insert into p values (1);
> INSERT 0 1
> alice(at)postgres(16.0)=> select * from p;
>  id
> ----
>   1
> (1 row)
>
> alice(at)postgres(16.0)=> vacuum p;
> WARNING:  permission denied to vacuum "p1", skipping it
> WARNING:  permission denied to vacuum "p2", skipping it
> VACUUM

Yeah, but:

regression=> insert into p1 values (1);
ERROR: permission denied for table p1
regression=> select * from p1;
ERROR: permission denied for table p1