> On 30 Sep 2024, at 10:29, btsugieyuusuke <btsugieyuus...@oss.nttdata.com> 
> wrote:
> 
> Hi hackers,
> I found a flaw in the ACL_MAINTAIN comment.
> 
> Commands such as VACUUM are listed as commands that are allowed to be 
> executed by the MAINTAIN privilege.
> However, LOCK TABLE is missing from the comment.
> 
>> /*
>> * Check if ACL_MAINTAIN is being checked and, if so, and not already set
>> * as part of the result, then check if the user is a member of the
>> * pg_maintain role, which allows VACUUM, ANALYZE, CLUSTER, REFRESH
>> * MATERIALIZED VIEW, and REINDEX on all relations.
>> */
> 
> Therefore, shouldn't LOCK TABLE be added to the comment?

That's correct; for the list to be complete, LOCK TABLE should be added as per
the attached.

--
Daniel Gustafsson

Attachment: acl_maintain_comment.diff
Description: Binary data
