Participants
Isaac Morland
Isaac Morland
David G. Johnston
David G. Johnston
Tom Lane
Tom Lane
Michael Paquier
Michael Paquier
Attachments

No attachments in this thread

Thread Outline
#1...#2
Isaac MorlandDavid G. Johnston
Aug 07, 2019
#1Isaac MorlandIsaac Morland
Aug 07, 2019
#2David G. JohnstonDavid G. Johnstonto Isaac Morland (#1)
Aug 07, 2019
#3...#5
Isaac MorlandDavid G. Johnston
to David G. Johnston (#2)
Aug 07, 2019
#3Isaac MorlandIsaac Morlandto David G. Johnston (#2)
Aug 07, 2019
#5David G. JohnstonDavid G. Johnstonto Isaac Morland (#3)
Aug 07, 2019
#4...#6
Tom LaneMichael Paquier
to David G. Johnston (#2)
Aug 07, 2019
#4Tom LaneTom Laneto David G. Johnston (#2)
Aug 07, 2019
#6Michael PaquierMichael Paquierto Tom Lane (#4)
Aug 08, 2019

Documentation clarification re: ANALYZE

Started by Isaac Morlandover 6 years ago6 messages
#1Isaac Morland
Isaac Morland
isaac.morland@gmail.com

I'm looking at https://www.postgresql.org/docs/current/sql-analyze.html,
where it says “Without a table_and_columns list, ANALYZE processes every
table and materialized view in the current database that the current user
has permission to analyze.”.

I don’t believe there is a separate “analyze” permission, so which tables
is this? Tables owned by the user? Ones where it can insert/update/delete?
Ones where it can select?

If somebody can tell me, I'll make it a weekend project to propose a
specific update to the documentation to make this more clear. Or maybe
there should just be a cross-reference to another existing part of the
documentation that explains more about this.

#2David G. Johnston
David G. Johnston
david.g.johnston@gmail.com
In reply to: Isaac Morland (#1)
Re: Documentation clarification re: ANALYZE

On Wed, Aug 7, 2019 at 2:14 PM Isaac Morland <isaac.morland@gmail.com>
wrote:

I'm looking at https://www.postgresql.org/docs/current/sql-analyze.html,
where it says “Without a table_and_columns list, ANALYZE processes every
table and materialized view in the current database that the current user
has permission to analyze.”.

I don’t believe there is a separate “analyze” permission, so which tables
is this? Tables owned by the user? Ones where it can insert/update/delete?
Ones where it can select?

Owners only - at least in previous releases. I don't recall whether the
addition of new roles to cover subsets of administrative privileges ever
was extended to cover vacuum/analyze but I do not think it has.

David J.

#3Isaac Morland
Isaac Morland
isaac.morland@gmail.com
In reply to: David G. Johnston (#2)
Re: Documentation clarification re: ANALYZE

On Wed, 7 Aug 2019 at 17:31, David G. Johnston <david.g.johnston@gmail.com>
wrote:

On Wed, Aug 7, 2019 at 2:14 PM Isaac Morland <isaac.morland@gmail.com>
wrote:

I'm looking at https://www.postgresql.org/docs/current/sql-analyze.html,
where it says “Without a table_and_columns list, ANALYZE processes every
table and materialized view in the current database that the current user
has permission to analyze.”.

I don’t believe there is a separate “analyze” permission, so which tables
is this? Tables owned by the user? Ones where it can insert/update/delete?
Ones where it can select?

Owners only - at least in previous releases. I don't recall whether the
addition of new roles to cover subsets of administrative privileges ever
was extended to cover vacuum/analyze but I do not think it has.

Thanks. So presumably I would also have permission if I have SET ROLEd to
the owner, or to a role which is an INHERIT member of the owner.

#4Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: David G. Johnston (#2)
Re: Documentation clarification re: ANALYZE

"David G. Johnston" <david.g.johnston@gmail.com> writes:

On Wed, Aug 7, 2019 at 2:14 PM Isaac Morland <isaac.morland@gmail.com>
wrote:

I'm looking at https://www.postgresql.org/docs/current/sql-analyze.html,
where it says “Without a table_and_columns list, ANALYZE processes every
table and materialized view in the current database that the current user
has permission to analyze.”.
I don’t believe there is a separate “analyze” permission, so which tables
is this? Tables owned by the user? Ones where it can insert/update/delete?
Ones where it can select?

Owners only - at least in previous releases. I don't recall whether the
addition of new roles to cover subsets of administrative privileges ever
was extended to cover vacuum/analyze but I do not think it has.

Actually, looking in the source code finds

* We allow the user to vacuum or analyze a table if he is superuser, the
* table owner, or the database owner (but in the latter case, only if
* it's not a shared relation).

It's definitely a documentation omission that this isn't spelled out in
the ANALYZE reference page (VACUUM's page does have text about it).

regards, tom lane

#5David G. Johnston
David G. Johnston
david.g.johnston@gmail.com
In reply to: Isaac Morland (#3)
Re: Documentation clarification re: ANALYZE

On Wed, Aug 7, 2019 at 2:42 PM Isaac Morland <isaac.morland@gmail.com>
wrote:

Thanks. So presumably I would also have permission if I have SET ROLEd to
the owner, or to a role which is an INHERIT member of the owner.

Yes, the table ownership role check walks up the role membership hierarchy
if "inherit" is on for the current role.

David J.

#6Michael Paquier
Michael Paquier
michael@paquier.xyz
In reply to: Tom Lane (#4)
Re: Documentation clarification re: ANALYZE

On Wed, Aug 07, 2019 at 05:54:14PM -0400, Tom Lane wrote:

Actually, looking in the source code finds

* We allow the user to vacuum or analyze a table if he is superuser, the
* table owner, or the database owner (but in the latter case, only if
* it's not a shared relation).

It's definitely a documentation omission that this isn't spelled out in
the ANALYZE reference page (VACUUM's page does have text about it).

As far as I recall we have been doing that for ages, so +1 for the
documentation fix you have just done.
--
Michael

← Back to Topics