On Wed, Dec 07, 2022 at 10:48:49AM +0300, Pavel Luzanov wrote: > Furthermore. The VACUUM privilege allows you to also execute VACUUM FULL. > VACUUM and VACUUM FULL are commands with similar names, but work completely > differently. > It may be worth clarifying on this page: > https://www.postgresql.org/docs/devel/ddl-priv.html > > Something like: Allows VACUUM on a relation, including VACUUM FULL.
Since (as you said) they work completely differently, I think it'd be more useful if vacuum_full were a separate privilege, rather than being included in vacuum. And cluster could be allowed whenever vacuum_full is allowed. > There is a very similar command to VACUUM FULL with a different name - > CLUSTER. The VACUUM privilege does not apply to the CLUSTER command. > This is probably correct. I think if vacuum privilege allows vacuum full, then it ought to also allow cluster. But I suggest that it'd be even better if it doesn't allow either, and there was a separate privilege for those. Disclaimer: I have not been following these threads. -- Justin
