aboutsummaryrefslogtreecommitdiff
path: root/src/backend/commands/lockcmds.c
diff options
context:
space:
mode:
authorNathan Bossart <nathan@postgresql.org>2024-03-13 14:49:26 -0500
committerNathan Bossart <nathan@postgresql.org>2024-03-13 14:49:26 -0500
commitecb0fd33720fab91df1207e85704f382f55e1eb7 (patch)
treefa83d8722e9714510a7331664290d79f3a4075f7 /src/backend/commands/lockcmds.c
parent2041bc4276c95ac014510032e622a4baf70b29f1 (diff)
downloadpostgresql-ecb0fd33720fab91df1207e85704f382f55e1eb7.tar.gz
postgresql-ecb0fd33720fab91df1207e85704f382f55e1eb7.zip
Reintroduce MAINTAIN privilege and pg_maintain predefined role.
Roles with MAINTAIN on a relation may run VACUUM, ANALYZE, REINDEX, REFRESH MATERIALIZE VIEW, CLUSTER, and LOCK TABLE on the relation. Roles with privileges of pg_maintain may run those same commands on all relations. This was previously committed for v16, but it was reverted in commit 151c22deee due to concerns about search_path tricks that could be used to escalate privileges to the table owner. Commits 2af07e2f74, 59825d1639, and c7ea3f4229 resolved these concerns by restricting search_path when running maintenance commands. Bumps catversion. Reviewed-by: Jeff Davis Discussion: https://postgr.es/m/20240305161235.GA3478007%40nathanxps13
Diffstat (limited to 'src/backend/commands/lockcmds.c')
-rw-r--r--src/backend/commands/lockcmds.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/backend/commands/lockcmds.c b/src/backend/commands/lockcmds.c
index 09ae09cf5cc..cd20ae76bad 100644
--- a/src/backend/commands/lockcmds.c
+++ b/src/backend/commands/lockcmds.c
@@ -283,7 +283,7 @@ LockTableAclCheck(Oid reloid, LOCKMODE lockmode, Oid userid)
AclMode aclmask;
/* any of these privileges permit any lock mode */
- aclmask = ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE;
+ aclmask = ACL_MAINTAIN | ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE;
/* SELECT privileges also permit ACCESS SHARE and below */
if (lockmode <= AccessShareLock)