On Thu, Dec 15, 2022 at 10:10:43AM -0800, Jeff Davis wrote: > On Thu, 2022-12-15 at 12:31 +0300, Pavel Luzanov wrote: > > I think the approach that Nathan implemented [1] for TOAST tables > > in the latest version can be used for partitioned tables as well. > > Skipping the privilege check for partitions while working with > > a partitioned table. In that case we would get exactly the same > > behavior > > as for INSERT, SELECT, etc privileges - the MAINTAIN privilege would > > work for > > the whole partitioned table, but not for individual partitions. > > There is some weirdness in 15, too:
I gather you mean postgresql v15.1 and master ? > -- the following commands seem inconsistent to me: > vacuum p; -- skips p1 with warning > analyze p; -- skips p1 with warning > cluster p using p_idx; -- silently skips p1 > reindex table p; -- reindexes p0 and p1 (owned by su) Clustering on a partitioned table is new in v15, and this behavior is from 3f19e176ae0 and cfdd03f45e6, which added get_tables_to_cluster_partitioned(), borrowing from expand_vacuum_rel() and get_tables_to_cluster(). vacuum initially calls vacuum_is_permitted_for_relation() only for the partitioned table, and *later* locks the partition and then checks its permissions, which is when the message is output. Since v15, cluster calls get_tables_to_cluster_partitioned(), which silently discards partitions failing ACL. We could change it to emit a message, which would seem to behave like vacuum, except that the check is happening earlier, and (unlike vacuum) partitions skipped later during CLUOPT_RECHECK wouldn't have any message output. Or we could change cluster_rel() to output a message when skipping. But these patches hardly touched that function at all. I suppose we could change to emit a message during RECHECK (maybe only in master branch). If need be, that could be controlled by a new CLUOPT_*. -- Justin