On Fri, 2023-01-13 at 12:33 -0800, Nathan Bossart wrote: > That would fix the problem in the original complaint, but it wouldn't > allow > for vacuuming toast tables directly if you only have MAINTAIN > privileges on > the main relation. If you can vacuum the toast table indirectly via > the > main relation, shouldn't it be possible to vacuum it directly?
Perhaps, but that's barely supported today: you have to awkwardly find the internal toast table name yourself, and you need the admin to grant you USAGE on the pg_toast schema. I don't think we're obligated to also support this hackery for non-owners with a new MAINTAIN privilege. If we care about that use case, let's do it right and have forms of VACUUM/CLUSTER/REINDEX that check permissions on the main table, skip the work on the main table, and descend directly to the toast tables. That doesn't seem hard, but it's a separate patch. Right now, we should simply fix the problem. -- Jeff Davis PostgreSQL Contributor Team - AWS