database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-10-27 00:12:01 +03:00
Code Activity

Add grantable MAINTAIN privilege and pg_maintain role.

Browse Source 
Allows VACUUM, ANALYZE, REINDEX, REFRESH MATERIALIZED VIEW, CLUSTER,
and LOCK TABLE.

Effectively reverts 4441fc704d. Instead of creating separate
privileges for VACUUM, ANALYZE, and other maintenance commands, group
them together under a single MAINTAIN privilege.

Author: Nathan Bossart
Discussion: https://postgr.es/m/20221212210136.GA449764@nathanxps13
Discussion: https://postgr.es/m/45224.1670476523@sss.pgh.pa.us
This commit is contained in:
Jeff Davis
2022-12-13 17:33:28 -08:00
parent c6f6646bb0
commit 60684dd834
36 changed files with 338 additions and 352 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/backend/commands/lockcmds.c
View File

@@ -300,6 +300,9 @@ LockTableAclCheck(Oid reloid, LOCKMODE lockmode, Oid userid)
else
aclmask = ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE;
/* MAINTAIN privilege allows all lock modes */
aclmask |= ACL_MAINTAIN;
aclresult = pg_class_aclcheck(reloid, userid, aclmask);
return aclresult;