Обсуждение: Documentation clarification re: ANALYZE
I'm looking at https://www.postgresql.org/docs/current/sql-analyze.html, where it says “Without a table_and_columns list, ANALYZE processes every table and materialized view in the current database that the current user has permission to analyze.”.
I don’t believe there is a separate “analyze” permission, so which tables is this? Tables owned by the user? Ones where it can insert/update/delete? Ones where it can select?
If somebody can tell me, I'll make it a weekend project to propose a specific update to the documentation to make this more clear. Or maybe there should just be a cross-reference to another existing part of the documentation that explains more about this.
On Wed, Aug 7, 2019 at 2:14 PM Isaac Morland <isaac.morland@gmail.com> wrote:
I'm looking at https://www.postgresql.org/docs/current/sql-analyze.html, where it says “Without a table_and_columns list, ANALYZE processes every table and materialized view in the current database that the current user has permission to analyze.”.I don’t believe there is a separate “analyze” permission, so which tables is this? Tables owned by the user? Ones where it can insert/update/delete? Ones where it can select?
Owners only - at least in previous releases. I don't recall whether the addition of new roles to cover subsets of administrative privileges ever was extended to cover vacuum/analyze but I do not think it has.
David J.
On Wed, 7 Aug 2019 at 17:31, David G. Johnston <david.g.johnston@gmail.com> wrote:
On Wed, Aug 7, 2019 at 2:14 PM Isaac Morland <isaac.morland@gmail.com> wrote:I'm looking at https://www.postgresql.org/docs/current/sql-analyze.html, where it says “Without a table_and_columns list, ANALYZE processes every table and materialized view in the current database that the current user has permission to analyze.”.I don’t believe there is a separate “analyze” permission, so which tables is this? Tables owned by the user? Ones where it can insert/update/delete? Ones where it can select?Owners only - at least in previous releases. I don't recall whether the addition of new roles to cover subsets of administrative privileges ever was extended to cover vacuum/analyze but I do not think it has.
Thanks. So presumably I would also have permission if I have SET ROLEd to the owner, or to a role which is an INHERIT member of the owner.
"David G. Johnston" <david.g.johnston@gmail.com> writes: > On Wed, Aug 7, 2019 at 2:14 PM Isaac Morland <isaac.morland@gmail.com> > wrote: >> I'm looking at https://www.postgresql.org/docs/current/sql-analyze.html, >> where it says “Without a table_and_columns list, ANALYZE processes every >> table and materialized view in the current database that the current user >> has permission to analyze.”. >> I don’t believe there is a separate “analyze” permission, so which tables >> is this? Tables owned by the user? Ones where it can insert/update/delete? >> Ones where it can select? > Owners only - at least in previous releases. I don't recall whether the > addition of new roles to cover subsets of administrative privileges ever > was extended to cover vacuum/analyze but I do not think it has. Actually, looking in the source code finds * We allow the user to vacuum or analyze a table if he is superuser, the * table owner, or the database owner (but in the latter case, only if * it's not a shared relation). It's definitely a documentation omission that this isn't spelled out in the ANALYZE reference page (VACUUM's page does have text about it). regards, tom lane
On Wed, Aug 7, 2019 at 2:42 PM Isaac Morland <isaac.morland@gmail.com> wrote:
Thanks. So presumably I would also have permission if I have SET ROLEd to the owner, or to a role which is an INHERIT member of the owner.
Yes, the table ownership role check walks up the role membership hierarchy if "inherit" is on for the current role.
David J.
On Wed, Aug 07, 2019 at 05:54:14PM -0400, Tom Lane wrote: > Actually, looking in the source code finds > > * We allow the user to vacuum or analyze a table if he is superuser, the > * table owner, or the database owner (but in the latter case, only if > * it's not a shared relation). > > It's definitely a documentation omission that this isn't spelled out in > the ANALYZE reference page (VACUUM's page does have text about it). As far as I recall we have been doing that for ages, so +1 for the documentation fix you have just done. -- Michael