skip and warn about role mismatch in Maintenance Functions #806
jw1u1 wants to merge 2 commits into pgpartman:development
Just wanted to say thank you for the updates you've done recently. I won't be able to get them in the next release that will hopefully be coming out soon, but I do plan on getting back to more frequent updates again and will review and try and get the ones you've been working on lately incorporated in future releases.
| AND c.relname = v_parent_tablename; | ||
|
|
||
| IF v_parent_owner != current_role THEN | ||
| RAISE EXCEPTION 'parent table % owner is % but current role is %', p_parent_table, v_parent_owner, current_role; |
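Review bot: `RAISE EXCEPTION` under the `IF v_parent_owner != current_role THEN` check aborts the whole maintenance call, while the PR title and description say tables with a mismatched owner are skipped with a warning; use `RAISE WARNING` and move on to the next table instead. The `!=` test also compares role names only, so a role that is a member of the owning role is rejected; a membership-aware test such as pg_has_role(current_role, v_parent_owner, 'USAGE') would cover that case.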
So I don't think this is accounting for role inheritance/group membership. It's just looking to see if the name of the owner simply matches the name of the current role. If a role is a member of another role, it's considered an owner of all of the same objects.
Also doesn't account for if a superuser is running it, which should be able to succeed as well.

Have you ever seen a proper setup with different owners of partitions?
You'll usually want to have the same owner.
Of course run_maintenance does work as a superuser, but the background worker will fail to drop partitions owned by postgres.
And postgres might not have the same default privileges, as inheritance/group membership is not taken into account with default privileges.
Would you like to add a new config parameter "ensure_same_partition_owner"?

pg_partman already has a setting to force ownership/permissions to be passed down from the parent. If you set inherit_privileges to true in part_config it will do this.
I'm not 100% on what ownership PG does by default for partitioned tables, so I'll have to test out what happens when another role in the same group or the superuser adds a child. But by default, privileges are not inherited to children so users must go through the parent to access the data. Inheriting privileges allows the users of the table to bypass the read/write penalties of going through the parent if they happen to know what the child table name is.

Owner is the role that executes the maintenance function and that's a mess.
If inherit_privileges=true changes the owner, please make it default.

Prevent a mixture of partition owners that leads to permission issues and run_maintenance failures.
Skip tables that are not owned by the current_role with a warning.
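
An audit query for the mixed-ownership situation discussed in this thread, as an added example that is not part of the PR or of pg_partman: it lists child tables whose owner differs from the parent's, and whether the current role holds the child owner's privileges through role membership. It assumes the extension is installed in a schema named `partman`.

```sql
-- Added example, not pg_partman code. Assumes the extension lives in schema
-- "partman"; adjust the schema name to match your installation.
SELECT pc.parent_table,
       child.oid::regclass::text                   AS child_table,
       pg_catalog.pg_get_userbyid(parent.relowner) AS parent_owner,
       pg_catalog.pg_get_userbyid(child.relowner)  AS child_owner,
       -- true when current_user can use the child owner's privileges,
       -- directly or through inherited role membership
       pg_catalog.pg_has_role(current_user, child.relowner, 'USAGE')
                                                   AS current_role_has_owner_privs
FROM partman.part_config pc
-- to_regclass() returns NULL instead of raising an error when a configured
-- parent no longer exists, so stale config rows simply drop out of the join
JOIN pg_catalog.pg_class parent
  ON parent.oid = pg_catalog.to_regclass(pc.parent_table)
-- direct children of each managed parent
JOIN pg_catalog.pg_inherits i
  ON i.inhparent = parent.oid
JOIN pg_catalog.pg_class child
  ON child.oid = i.inhrelid
-- only report partitions whose owner is not the parent's owner
WHERE child.relowner <> parent.relowner
ORDER BY pc.parent_table, child_table;
```

Rows where `current_role_has_owner_privs` is false are the partitions a maintenance run under the current role cannot act on as their owner.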