If we had plenty more bits to allow ANALYZE to be independently
GRANT'able, then maybe, but those are a limited resource.
3. This can already be handled by GRANT:
* psql -U jd -h localhost;
* create table foo (id text);
* create role jd_role;
* alter table foo owner to jd_role;
* grant jd_role to boo;
* \c jd boo
* analyze foo;
On 02/29/2016 09:09 AM, David G. Johnston wrote:
Given these two things it seems the least difficult solution that doesn't make things any worse is to make "ANALYZE" grantable. If you were going to give the user owner permissions anyway then having a less-inclusive permission cannot hurt.
==================================================================
My last comment sums things up pretty well. I assume someone will insist that a security definer function is "the officially supported way to do this", and if the community wants to agree then fine. Otherwise, if you are going to tell me to give someone ownership of a table so that they can ANALYZE it then no intermediate solution I propose can be considered off-limits on security grounds because nothing - relative to the table in question - is less secure.
Which means that, aside from effort, the main blocking factors here are code complexity (which I understand) and limited grant "bits" as Stephen puts it. So I pose the question: do any of the committers consider a grant bit too valuable to consume on an ANALYZE grant?
If that and/or general code complexity means this will not be added even if a patch was proposed for 9.7 then I'll move on and institute one of the hacks that has been proffered. Otherwise I have (more than) half a mind to find some way to get a patch written.
David J.