| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
| Cc: | Jeff Davis <pgsql(at)j-davis(dot)com>, Ted Yu <yuzhihong(at)gmail(dot)com>, Pavel Luzanov <p(dot)luzanov(at)postgrespro(dot)ru>, Justin Pryzby <pryzby(at)telsasoft(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: allow granting CLUSTER, REFRESH MATERIALIZED VIEW, and REINDEX |
| Date: | 2023-06-22 07:11:08 |
| Message-ID: | ZJP0DCMAJn+X+waw@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Jun 21, 2023 at 08:06:06PM -0700, Nathan Bossart wrote:
> On Thu, Jun 22, 2023 at 10:46:41AM +0900, Michael Paquier wrote:
>> - /*
>> - * We already checked that the user has privileges to CLUSTER the
>> - * partitioned table when we locked it earlier, so there's no need to
>> - * check the privileges again here.
>> - */
>> + if (!cluster_is_permitted_for_relation(relid, GetUserId()))
>> + continue;
>> I would add a comment here that this ACL recheck for the leaves is an
>> important thing to keep around as it impacts the case where the leaves
>> have a different owner than the parent, and the owner of the parent
>> clusters it. The only place in the tests where this has an influence
>> is the isolation test cluster-conflict-partition.
>
> Done.
+ /*
+ * It's possible that the user does not have privileges to CLUSTER the
+ * leaf partition despite having such privileges on the partitioned
+ * table. We skip any partitions which the user is not permitted to
+ * CLUSTER.
+ */
Sounds good to me. Thanks.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2023-06-22 07:26:27 | Re: BUG #17946: LC_MONETARY & DO LANGUAGE plperl - BUG |
| Previous Message | Amit Kapila | 2023-06-22 06:24:24 | Re: [DOC] Update ALTER SUBSCRIPTION documentation v3 |