Re: predefined role(s) for VACUUM and ANALYZE
| От | David G. Johnston |
|---|---|
| Тема | Re: predefined role(s) for VACUUM and ANALYZE |
| Дата | |
| Msg-id | CAKFQuwZKDSnFsz8d_3YLJpZH8xnD3N4qS-Qv2Us+sK0Ry4fPhQ@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: predefined role(s) for VACUUM and ANALYZE (Robert Haas <robertmhaas@gmail.com>) |
| Ответы |
Re: predefined role(s) for VACUUM and ANALYZE
|
| Список | pgsql-hackers |
On Tue, Jul 26, 2022 at 10:37 AM Robert Haas <robertmhaas@gmail.com> wrote:
On Mon, Jul 25, 2022 at 9:47 PM Kyotaro Horiguchi
<horikyota.ntt@gmail.com> wrote:
> One arguable point would be whether we will need to put restriction
> the target relations that Bob can vacuum/analyze.
But for a command with a target, you really ought to have a
permission on the object, not just a general permission. On the other
hand, we do have things like pg_read_all_tables, so we could have
pg_vacuum_all_tables too.
I'm still more likely to create a specific security definer function owned by the relevant table owner to give out ANALYZE (and maybe VACUUM) permission to ETL-performing roles.
Still, it seems somewhat appealing to give
people fine-grained control over this, rather than just "on" or "off".
Appealing enough to consume a couple of permission bits?
David J.
В списке pgsql-hackers по дате отправления: