author | Andrew Dunstan <andrew@dunslane.net> | 2022-11-28 10:08:42 -0500 |
---|---|---|
committer | Andrew Dunstan <andrew@dunslane.net> | 2022-11-28 12:08:14 -0500 |
commit | b5d6382496f2b8fc31abd92c2654a9a67aca76c6 (patch) | |
tree | 2f9521bf4654a1643f7987b1dbc1247b81283ff3 /src/backend/utils/adt/acl.c | |
parent | 1f059a440864021b23b0667e7c0cb664710b660d (diff) |
Provide per-table permissions for vacuum and analyze.
Currently a table can only be vacuumed or analyzed by its owner or
a superuser. This can now be extended to any user by means of an
appropriate GRANT.
Nathan Bossart
Reviewed by: Bharath Rupireddy, Kyotaro Horiguchi, Stephen Frost, Robert
Haas, Mark Dilger, Tom Lane, Corey Huinker, David G. Johnston, Michael
Paquier.
Discussion: https://postgr.es/m/20220722203735.GB3996698@nathanxps13
Diffstat (limited to 'src/backend/utils/adt/acl.c')
-rw-r--r-- | src/backend/utils/adt/acl.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/backend/utils/adt/acl.c b/src/backend/utils/adt/acl.c
index f8eedfe1700..ed1b6a41cfb 100644
--- a/src/backend/utils/adt/acl.c
+++ b/src/backend/utils/adt/acl.c
@@ -321,6 +321,12 @@ aclparse(const char *s, AclItem *aip)
 case ACL_ALTER_SYSTEM_CHR:
 read = ACL_ALTER_SYSTEM;
 break;
+ case ACL_VACUUM_CHR:
+ read = ACL_VACUUM;
+ break;
+ case ACL_ANALYZE_CHR:
+ read = ACL_ANALYZE;
+ break;
 case 'R': /* ignore old RULE privileges */
 read = 0;
 break;
@@ -1595,6 +1601,8 @@ makeaclitem(PG_FUNCTION_ARGS)
 {"CONNECT", ACL_CONNECT},
 {"SET", ACL_SET},
 {"ALTER SYSTEM", ACL_ALTER_SYSTEM},
+ {"VACUUM", ACL_VACUUM},
+ {"ANALYZE", ACL_ANALYZE},
 {"RULE", 0}, /* ignore old RULE privileges */
 {NULL, 0}
 };
@@ -1703,6 +1711,10 @@ convert_aclright_to_string(int aclright)
 return "SET";
 case ACL_ALTER_SYSTEM:
 return "ALTER SYSTEM";
+ case ACL_VACUUM:
+ return "VACUUM";
+ case ACL_ANALYZE:
+ return "ANALYZE";
 default:
 elog(ERROR, "unrecognized aclright: %d", aclright);
 return NULL;
@@ -2012,6 +2024,10 @@ convert_table_priv_string(text *priv_type_text)
 {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)},
 {"TRIGGER", ACL_TRIGGER},
 {"TRIGGER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRIGGER)},
+ {"VACUUM", ACL_VACUUM},
+ {"VACUUM WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_VACUUM)},
+ {"ANALYZE", ACL_ANALYZE},
+ {"ANALYZE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_ANALYZE)},
 {"RULE", 0}, /* ignore old RULE privileges */
 {"RULE WITH GRANT OPTION", 0},
 {NULL, 0} |
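Review bot: The two new privileges are entered by hand in four separate mappings in this file (the switch in aclparse, the name table in makeaclitem, the switch in convert_aclright_to_string, and the table in convert_table_priv_string), and nothing visible ties them together. An entry missed in convert_aclright_to_string is only detected at run time, through `elog(ERROR, "unrecognized aclright: %d", aclright)`. I would add a comment above each mapping, e.g. `/* Keep in sync with aclparse(), makeaclitem(), convert_aclright_to_string() and the convert_*_priv_string() tables. */`, and a regression test that round-trips VACUUM and ANALYZE through aclitem input and output; the diffstat shown is limited to acl.c, so such a test may already exist elsewhere in the commit. All four enclosing functions start and end outside their hunks.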
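Review bot: The `... WITH GRANT OPTION` entries added to convert_table_priv_string rely on `ACL_GRANT_OPTION_FOR()` having a free bit for each new privilege, and the AclMode layout that would guarantee this is defined outside this file. If the privilege half of the mask were already full, the shifted grant-option bit would be lost or would alias another right, and an authorisation mask gives no error when that happens. This is worth confirming in the header that declares `ACL_VACUUM` and `ACL_ANALYZE`, and recording there with a comment such as `/* grant-option bits for VACUUM/ANALYZE must fit in AclMode */`. The table itself starts before the hunk, inside a function whose body continues past it.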