On Wed, Jun 21, 2023 at 08:06:06PM -0700, Nathan Bossart wrote: > On Thu, Jun 22, 2023 at 10:46:41AM +0900, Michael Paquier wrote: >> - /* >> - * We already checked that the user has privileges to CLUSTER the >> - * partitioned table when we locked it earlier, so there's no need to >> - * check the privileges again here. >> - */ >> + if (!cluster_is_permitted_for_relation(relid, GetUserId())) >> + continue; >> I would add a comment here that this ACL recheck for the leaves is an >> important thing to keep around as it impacts the case where the leaves >> have a different owner than the parent, and the owner of the parent >> clusters it. The only place in the tests where this has an influence >> is the isolation test cluster-conflict-partition. > > Done.
+ /* + * It's possible that the user does not have privileges to CLUSTER the + * leaf partition despite having such privileges on the partitioned + * table. We skip any partitions which the user is not permitted to + * CLUSTER. + */ Sounds good to me. Thanks. -- Michael
signature.asc
Description: PGP signature