digoal
2024-03-14
PostgreSQL , PolarDB , DuckDB , pg_maintain , MAINTAIN , vacuum , analyze , reindex , REFRESH MATERIALIZE VIEW , CLUSTER , LOCK TABLE
Roles with MAINTAIN on a relation may run VACUUM, ANALYZE, REINDEX, REFRESH MATERIALIZE VIEW, CLUSTER, and LOCK TABLE on the relation.
Roles with privileges of pg_maintain may run those same commands on all relations.
Reintroduce MAINTAIN privilege and pg_maintain predefined role.
author Nathan Bossart <nathan@postgresql.org>
Wed, 13 Mar 2024 19:49:26 +0000 (14:49 -0500)
committer Nathan Bossart <nathan@postgresql.org>
Wed, 13 Mar 2024 19:49:26 +0000 (14:49 -0500)
commit ecb0fd33720fab91df1207e85704f382f55e1eb7
tree fa83d8722e9714510a7331664290d79f3a4075f7 tree
parent 2041bc4276c95ac014510032e622a4baf70b29f1 commit | diff
Reintroduce MAINTAIN privilege and pg_maintain predefined role.
Roles with MAINTAIN on a relation may run VACUUM, ANALYZE, REINDEX,
REFRESH MATERIALIZE VIEW, CLUSTER, and LOCK TABLE on the relation.
Roles with privileges of pg_maintain may run those same commands on
all relations.
This was previously committed for v16, but it was reverted in
commit 151c22deee due to concerns about search_path tricks that
could be used to escalate privileges to the table owner. Commits
2af07e2f74, 59825d1639, and c7ea3f4229 resolved these concerns by
restricting search_path when running maintenance commands.
Bumps catversion.
Reviewed-by: Jeff Davis
Discussion: https://postgr.es/m/20240305161235.GA3478007%40nathanxps13
