diff options
author | Nathan Bossart <nathan@postgresql.org> | 2024-03-13 14:49:26 -0500 |
---|---|---|
committer | Nathan Bossart <nathan@postgresql.org> | 2024-03-13 14:49:26 -0500 |
commit | ecb0fd33720fab91df1207e85704f382f55e1eb7 (patch) | |
tree | fa83d8722e9714510a7331664290d79f3a4075f7 /src/backend/commands/lockcmds.c | |
parent | 2041bc4276c95ac014510032e622a4baf70b29f1 (diff) | |
download | postgresql-ecb0fd33720fab91df1207e85704f382f55e1eb7.tar.gz postgresql-ecb0fd33720fab91df1207e85704f382f55e1eb7.zip |
Reintroduce MAINTAIN privilege and pg_maintain predefined role.
Roles with MAINTAIN on a relation may run VACUUM, ANALYZE, REINDEX,
REFRESH MATERIALIZE VIEW, CLUSTER, and LOCK TABLE on the relation.
Roles with privileges of pg_maintain may run those same commands on
all relations.
This was previously committed for v16, but it was reverted in
commit 151c22deee due to concerns about search_path tricks that
could be used to escalate privileges to the table owner. Commits
2af07e2f74, 59825d1639, and c7ea3f4229 resolved these concerns by
restricting search_path when running maintenance commands.
Bumps catversion.
Reviewed-by: Jeff Davis
Discussion: https://postgr.es/m/20240305161235.GA3478007%40nathanxps13
Diffstat (limited to 'src/backend/commands/lockcmds.c')
-rw-r--r-- | src/backend/commands/lockcmds.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/backend/commands/lockcmds.c b/src/backend/commands/lockcmds.c index 09ae09cf5cc..cd20ae76bad 100644 --- a/src/backend/commands/lockcmds.c +++ b/src/backend/commands/lockcmds.c @@ -283,7 +283,7 @@ LockTableAclCheck(Oid reloid, LOCKMODE lockmode, Oid userid) AclMode aclmask; /* any of these privileges permit any lock mode */ - aclmask = ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE; + aclmask = ACL_MAINTAIN | ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE; /* SELECT privileges also permit ACCESS SHARE and below */ if (lockmode <= AccessShareLock) |