projects / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2041bc4) | patch
Reintroduce MAINTAIN privilege and pg_maintain predefined role.
authorNathan Bossart <[email protected]>
Wed, 13 Mar 2024 19:49:26 +0000 (14:49 -0500)
committerNathan Bossart <[email protected]>
Wed, 13 Mar 2024 19:49:26 +0000 (14:49 -0500)
commitecb0fd33720fab91df1207e85704f382f55e1eb7
treefa83d8722e9714510a7331664290d79f3a4075f7tree
parent2041bc4276c95ac014510032e622a4baf70b29f1commit | diff
Reintroduce MAINTAIN privilege and pg_maintain predefined role.

Roles with MAINTAIN on a relation may run VACUUM, ANALYZE, REINDEX,
REFRESH MATERIALIZE VIEW, CLUSTER, and LOCK TABLE on the relation.
Roles with privileges of pg_maintain may run those same commands on
all relations.

This was previously committed for v16, but it was reverted in
commit 151c22deee due to concerns about search_path tricks that
could be used to escalate privileges to the table owner.  Commits
2af07e2f7459825d1639, and c7ea3f4229 resolved these concerns by
restricting search_path when running maintenance commands.

Bumps catversion.

Reviewed-by: Jeff Davis
Discussion: https://postgr.es/m/20240305161235.GA3478007%40nathanxps13
42 files changed:
doc/src/sgml/ddl.sgml diff | blob | blame | history
doc/src/sgml/func.sgml diff | blob | blame | history
doc/src/sgml/ref/alter_default_privileges.sgml diff | blob | blame | history
doc/src/sgml/ref/analyze.sgml diff | blob | blame | history
doc/src/sgml/ref/cluster.sgml diff | blob | blame | history
doc/src/sgml/ref/grant.sgml diff | blob | blame | history
doc/src/sgml/ref/lock.sgml diff | blob | blame | history
doc/src/sgml/ref/refresh_materialized_view.sgml diff | blob | blame | history
doc/src/sgml/ref/reindex.sgml diff | blob | blame | history
doc/src/sgml/ref/revoke.sgml diff | blob | blame | history
doc/src/sgml/ref/vacuum.sgml diff | blob | blame | history
doc/src/sgml/user-manag.sgml diff | blob | blame | history
src/backend/catalog/aclchk.c diff | blob | blame | history
src/backend/commands/analyze.c diff | blob | blame | history
src/backend/commands/cluster.c diff | blob | blame | history
src/backend/commands/indexcmds.c diff | blob | blame | history
src/backend/commands/lockcmds.c diff | blob | blame | history
src/backend/commands/matview.c diff | blob | blame | history
src/backend/commands/tablecmds.c diff | blob | blame | history
src/backend/commands/vacuum.c diff | blob | blame | history
src/backend/postmaster/autovacuum.c diff | blob | blame | history
src/backend/utils/adt/acl.c diff | blob | blame | history
src/bin/pg_dump/dumputils.c diff | blob | blame | history
src/bin/pg_dump/t/002_pg_dump.pl diff | blob | blame | history
src/bin/psql/tab-complete.c diff | blob | blame | history
src/include/catalog/catversion.h diff | blob | blame | history
src/include/catalog/pg_authid.dat diff | blob | blame | history
src/include/commands/tablecmds.h diff | blob | blame | history
src/include/commands/vacuum.h diff | blob | blame | history
src/include/nodes/parsenodes.h diff | blob | blame | history
src/include/utils/acl.h diff | blob | blame | history
src/test/isolation/expected/cluster-conflict-partition.out diff | blob | blame | history
src/test/isolation/specs/cluster-conflict-partition.spec diff | blob | blame | history
src/test/perl/PostgreSQL/Test/AdjustUpgrade.pm diff | blob | blame | history
src/test/regress/expected/cluster.out diff | blob | blame | history
src/test/regress/expected/create_index.out diff | blob | blame | history
src/test/regress/expected/dependency.out diff | blob | blame | history
src/test/regress/expected/privileges.out diff | blob | blame | history
src/test/regress/expected/rowsecurity.out diff | blob | blame | history
src/test/regress/sql/cluster.sql diff | blob | blame | history
src/test/regress/sql/dependency.sql diff | blob | blame | history
src/test/regress/sql/privileges.sql diff | blob | blame | history
This is the main PostgreSQL git repository.