diff options
| author | Jeff Davis <jdavis@postgresql.org> | 2022-12-13 17:33:28 -0800 |
|---|---|---|
| committer | Jeff Davis <jdavis@postgresql.org> | 2022-12-13 17:33:28 -0800 |
| commit | 60684dd834a222fefedd49b19d1f0a6189c1632e (patch) | |
| tree | a7452cf4aec03f4bed616662832ebcb8caac11a6 /src/backend/utils/adt/acl.c | |
| parent | c6f6646bb0bef315c3836f3f6909c24a985a8621 (diff) | |
| download | postgresql-60684dd834a222fefedd49b19d1f0a6189c1632e.tar.gz postgresql-60684dd834a222fefedd49b19d1f0a6189c1632e.zip | |
Add grantable MAINTAIN privilege and pg_maintain role.
Allows VACUUM, ANALYZE, REINDEX, REFRESH MATERIALIZED VIEW, CLUSTER,
and LOCK TABLE.
Effectively reverts 4441fc704d. Instead of creating separate
privileges for VACUUM, ANALYZE, and other maintenance commands, group
them together under a single MAINTAIN privilege.
Author: Nathan Bossart
Discussion: https://postgr.es/m/20221212210136.GA449764@nathanxps13
Discussion: https://postgr.es/m/45224.1670476523@sss.pgh.pa.us
Diffstat (limited to 'src/backend/utils/adt/acl.c')
| -rw-r--r-- | src/backend/utils/adt/acl.c | 22 |
1 files changed, 7 insertions, 15 deletions
diff --git a/src/backend/utils/adt/acl.c b/src/backend/utils/adt/acl.c index ed1b6a41cfb..bba953cd6e0 100644 --- a/src/backend/utils/adt/acl.c +++ b/src/backend/utils/adt/acl.c @@ -321,11 +321,8 @@ aclparse(const char *s, AclItem *aip) case ACL_ALTER_SYSTEM_CHR: read = ACL_ALTER_SYSTEM; break; - case ACL_VACUUM_CHR: - read = ACL_VACUUM; - break; - case ACL_ANALYZE_CHR: - read = ACL_ANALYZE; + case ACL_MAINTAIN_CHR: + read = ACL_MAINTAIN; break; case 'R': /* ignore old RULE privileges */ read = 0; @@ -1601,8 +1598,7 @@ makeaclitem(PG_FUNCTION_ARGS) {"CONNECT", ACL_CONNECT}, {"SET", ACL_SET}, {"ALTER SYSTEM", ACL_ALTER_SYSTEM}, - {"VACUUM", ACL_VACUUM}, - {"ANALYZE", ACL_ANALYZE}, + {"MAINTAIN", ACL_MAINTAIN}, {"RULE", 0}, /* ignore old RULE privileges */ {NULL, 0} }; @@ -1711,10 +1707,8 @@ convert_aclright_to_string(int aclright) return "SET"; case ACL_ALTER_SYSTEM: return "ALTER SYSTEM"; - case ACL_VACUUM: - return "VACUUM"; - case ACL_ANALYZE: - return "ANALYZE"; + case ACL_MAINTAIN: + return "MAINTAIN"; default: elog(ERROR, "unrecognized aclright: %d", aclright); return NULL; @@ -2024,10 +2018,8 @@ convert_table_priv_string(text *priv_type_text) {"REFERENCES WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_REFERENCES)}, {"TRIGGER", ACL_TRIGGER}, {"TRIGGER WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_TRIGGER)}, - {"VACUUM", ACL_VACUUM}, - {"VACUUM WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_VACUUM)}, - {"ANALYZE", ACL_ANALYZE}, - {"ANALYZE WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_ANALYZE)}, + {"MAINTAIN", ACL_MAINTAIN}, + {"MAINTAIN WITH GRANT OPTION", ACL_GRANT_OPTION_FOR(ACL_MAINTAIN)}, {"RULE", 0}, /* ignore old RULE privileges */ {"RULE WITH GRANT OPTION", 0}, {NULL, 0} |