Re: allow granting CLUSTER, REFRESH MATERIALIZED VIEW, and REINDEX

On Fri, Jan 13, 2023 at 01:30:28PM -0800, Jeff Davis wrote:
> If we care about that use case, let's do it right and have forms of
> VACUUM/CLUSTER/REINDEX that check permissions on the main table, skip
> the work on the main table, and descend directly to the toast tables.
> That doesn't seem hard, but it's a separate patch.

You may be interested in https://commitfest.postgresql.org/41/4088/.

> Right now, we should simply fix the problem.

Okay. Here is a new patch set. I've split the partition work out to a
separate patch, and I've removed the main relation lookups for TOAST tables
in favor of adding a skip_privs flag to vacuum_rel(). The latter patch
probably needs some additional commentary and tests, which I'll go ahead
and add if we want to proceed with this approach. I'm assuming the session
lock should be sufficient for avoiding the case where the TOAST table's OID
is reused by the time we get to it, but I'm not sure if it's sufficient to
prevent vacuuming if the privileges on the main relation have changed
across transactions. Even if it's not, I'm not sure that case is worth
worrying about too much.

--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com