Fix MAINTAIN privileges for toast tables and partitions.
authorJeff Davis <jdavis@postgresql.org>
Fri, 13 Jan 2023 23:32:37 +0000 (15:32 -0800)
committerJeff Davis <jdavis@postgresql.org>
Sat, 14 Jan 2023 08:16:23 +0000 (00:16 -0800)
commitff9618e82a466fc9c635f9f087776e57b21e4f14
tree667ee5aece95c24ff098be9e39f67aa9df461d2d
parentff23b592ad6621563d3128b26860bcb41daf9542
Fix MAINTAIN privileges for toast tables and partitions.

Commit 60684dd8 left loose ends when it came to maintaining toast
tables or partitions.

For toast tables, simply skip the privilege check if the toast table
is an indirect target of the maintenance command, because the main
table privileges have already been checked.

For partitions, allow the maintenance command if the user has the
MAINTAIN privilege on the partition or any parent.

Also make CLUSTER emit "skipping" messages when the user doesn't have
privileges, similar to VACUUM.

Author: Nathan Bossart
Reported-by: Pavel Luzanov
Reviewed-by: Pavel Luzanov, Ted Yu
Discussion: https://postgr.es/m/20230113231339.GA2422750@nathanxps13
16 files changed:
doc/src/sgml/ref/analyze.sgml
doc/src/sgml/ref/cluster.sgml
doc/src/sgml/ref/lock.sgml
doc/src/sgml/ref/reindex.sgml
doc/src/sgml/ref/vacuum.sgml
src/backend/commands/cluster.c
src/backend/commands/indexcmds.c
src/backend/commands/lockcmds.c
src/backend/commands/tablecmds.c
src/backend/commands/vacuum.c
src/include/commands/tablecmds.h
src/test/isolation/expected/cluster-conflict-partition.out
src/test/isolation/specs/cluster-conflict-partition.spec
src/test/regress/expected/cluster.out
src/test/regress/expected/vacuum.out
src/test/regress/sql/cluster.sql