On Wed, 2022-12-14 at 12:07 +0300, Pavel Luzanov wrote: > After a fresh install, including the patch for \dpS [1], > I found that granting MAINTAIN privilege does not allow the TOAST > table > to be vacuumed.
I wanted to also mention partitioning. The behavior is that MAINTAIN privileges on the partitioned table does not imply MAINTAIN privileges on the partitions. I believe that's fine and it's consistent with other privileges on partitioned tables, such as SELECT and INSERT. In the case of an admin maintaining users' tables, they'd be a member of pg_maintain anyway. Furthermore, MAINTAIN privileges on the partitioned table do not grant the ability to create new partitions. There's a comment in tablecmds.c alluding to a possible "UNDER" privilege: /* * We should have an UNDER permission flag for this, but for now, * demand that creator of a child table own the parent. */ Perhaps there's something we want to do there, but it's a different use case than the MAINTAIN privilege, so I don't see a reason it should be grouped. Also, there's a bit of weirdness to think about in cases where another user creates (and owns) a partition of your table (currently this is only possible if the other user is a superuser). I am not suggesting a change here, just posting in case someone has a different opinion. -- Jeff Davis PostgreSQL Contributor Team - AWS