Re: Flexible permissions for REFRESH MATERIALIZED VIEW

Thanks for pointing me to this. I also did a search in the archives and
found a 2006 thread on TRUNCATE, VACUUM, and ANALYZE privileges:

https://www.postgresql.org/message-id/flat/20060105140406.GX6026%40ns.snowman.net

I'm not seeing much else. As far as I can see, the only demand for using
more privilege bits is for VACUUM, ANALYZE, REFRESH, CLUSTER, and REINDEX.

So revised proposal: instead of calling it REFRESH, call it MAINTAIN.
Anybody with MAINTAIN permission can do any of those 5 different
maintenance actions as if they were the owner of the relation in question.

This uses just 1 bit, leaving 3 more for future expansion, and satisfying
all the outstanding requests to allocate privilege bits. I think. That
seems like a pretty good deal to me. Also, if a future proposal comes
along, it may be appropriate to re-use this new permission at that time, as
long as the word "maintain" makes even a little sense as the name in the
new context.

We would probably have to apply the same rule to all of these, that the
owner can always perform these actions, because of the issue with dumps
restored from older databases.

On 28 March 2018 at 21:56, David G. Johnston <david(dot)g(dot)johnston(at)gmail(dot)com>
wrote:

> On Wed, Mar 28, 2018 at 6:38 PM, Isaac Morland <isaac(dot)morland(at)gmail(dot)com>
> wrote:
>
>> ​​
>> One question I would have is: what proposals exist or have existed for
>> additional privilege bits? How much pressure is there to use some of the
>> remaining bits? I actually looked into the history of the permission bits
>> and found that we can summarize and approximate the history as 10 years of
>> expansion from 4 to 12, then nothing added in the last 10 years.
>>
>
> ​I made an argument for an "ANALYZE" grant a little while back, and it
> kinda leads one to want one for VACUUM as well.
>
> https://www.postgresql.org/message-id/CAKFQuwZ6dhjTFV7Bwmehe1N3%
> 3Dk484y4mM22zuYjVEU2dq9V1aQ%40mail.gmail.com
>
> ​David J.​
>
>