{"id":21024,"date":"2022-12-14T10:41:43","date_gmt":"2022-12-14T09:41:43","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/?p=21024"},"modified":"2022-12-14T10:41:44","modified_gmt":"2022-12-14T09:41:44","slug":"postgresql-16-further-reducing-tasks-that-require-superuser","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/postgresql-16-further-reducing-tasks-that-require-superuser\/","title":{"rendered":"PostgreSQL 16: Further reducing tasks that require superuser"},"content":{"rendered":"\n

In a previous post<\/a> we’ve seen that vacuum<\/a> and analyze<\/a> operations can be granted to users which are not superuser starting with PostgreSQL 16. Work is still in progress to further reduce maintenance tasks which require superuser privileges. Today another patch was committed which brings even more delegation for maintenance operations.<\/p>\n\n\n\n

One more, a simple setup to demonstrate what has been done:<\/p>\n\n\n

\npostgres=# select version();\n                                               version                                                \n------------------------------------------------------------------------------------------------------\n PostgreSQL 16devel on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit\n(1 row)\n\npostgres=# create user u with password 'u' login;\nCREATE ROLE\npostgres=# create user v with password 'v' login;\nCREATE ROLE\npostgres=# create schema su authorization u;\nCREATE SCHEMA\npostgres=# \\c postgres u\nYou are now connected to database "postgres" as user "u".\npostgres=> create table su.t ( a int, b text );\npostgres=> create unique index i on su.t(a);\nCREATE INDEX\npostgres=> create materialized view su.mv as select * from su.t;\nSELECT 0\n<\/pre><\/div>\n\n\n
Two users, one having a schema containing a table, an unique index, and a materialized view. We’ve already seen that we can grant vacuum and analyze of objects to another user:<\/p>\n\n\n
\npostgres=# grant analyze on su.t to v;\nERROR:  syntax error at or near "analyze"\n<\/pre><\/div>\n\n\n
This does not work anymore. Instead of granting separate privileges for maintenance operations these are now grouped together under a single privilege:<\/p>\n\n\n
\npostgres=# grant maintain on su.t to v;\nGRANT\npostgres=# grant maintain on su.mv to v;\nGRANT\npostgres=# grant usage on schema su to v;\nGRANT\n<\/pre><\/div>\n\n\n
The maintain privilege consist of these privileges:<\/p>\n\n\n\n
    \n
  • VACUUM<\/li>\n\n\n\n
  • ANALYZE<\/li>\n\n\n\n
  • REINDEX<\/li>\n\n\n\n
  • REFRESH\u00a0MATERIALIZED\u00a0VIEW<\/li>\n\n\n\n
  • CLUSTER<\/li>\n\n\n\n
  • LOCK\u00a0TABLE<\/li>\n<\/ul>\n\n\n\n
    Having that privilege all these operations are delegated:<\/p>\n\n\n
    \npostgres=> analyze su.t;\nANALYZE\npostgres=> refresh materialized view su.mv;\nREFRESH MATERIALIZED VIEW\npostgres=> reindex index su.i;\nREINDEX\n<\/pre><\/div>\n\n\n
    A new role has been added as well, which grants all these operations by default:<\/p>\n\n\n
    \npostgres=# \\c postgres u\nYou are now connected to database "postgres" as user "u".\npostgres=> create table su.x ( a int );\nCREATE TABLE\npostgres=> \\c postgres postgres\nYou are now connected to database "postgres" as user "postgres".\npostgres=# grant pg_maintain to v;\nGRANT ROLE\npostgres=# \\c postgres v\nYou are now connected to database "postgres" as user "v".\npostgres=> analyze su.x;\nANALYZE\npostgres=>\n<\/pre><\/div>\n\n\n
    This is nice, as  it further reduces the tasks that require superuser privileges.<\/p>\n","protected":false},"excerpt":{"rendered":"
    In a previous post we’ve seen that vacuum and analyze operations can be granted to users which are not superuser starting with PostgreSQL 16. Work is still in progress to further reduce maintenance tasks which require superuser privileges. Today another patch was committed which brings even more delegation for maintenance operations. One more, a simple […]<\/p>\n","protected":false},"author":29,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[229,198],"tags":[2602],"type_dbi":[],"class_list":["post-21024","post","type-post","status-publish","format-standard","hentry","category-database-administration-monitoring","category-database-management","tag-postgresql-2"],"acf":[],"yoast_head":"\nPostgreSQL 16: Further reducing tasks that require superuser - dbi Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/postgresql-16-further-reducing-tasks-that-require-superuser\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"PostgreSQL 16: Further reducing tasks that require superuser\" \/>\n<meta property=\"og:description\" content=\"In a previous post we’ve seen that vacuum and analyze operations can be granted to users which are not superuser starting with PostgreSQL 16. Work is still in progress to further reduce maintenance tasks which require superuser privileges. Today another patch was committed which brings even more delegation for maintenance operations. One more, a simple […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/postgresql-16-further-reducing-tasks-that-require-superuser\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-14T09:41:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-12-14T09:41:44+00:00\" \/>\n<meta name=\"author\" content=\"Daniel Westermann\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@westermanndanie\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Daniel Westermann\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/postgresql-16-further-reducing-tasks-that-require-superuser\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/postgresql-16-further-reducing-tasks-that-require-superuser\/\"},\"author\":{\"name\":\"Daniel Westermann\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66\"},\"headline\":\"PostgreSQL 16: Further reducing tasks that require superuser\",\"datePublished\":\"2022-12-14T09:41:43+00:00\",\"dateModified\":\"2022-12-14T09:41:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/postgresql-16-further-reducing-tasks-that-require-superuser\/\"},\"wordCount\":175,\"commentCount\":0,\"keywords\":[\"postgresql\"],\"articleSection\":[\"Database Administration & Monitoring\",\"Database management\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/postgresql-16-further-reducing-tasks-that-require-superuser\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/postgresql-16-further-reducing-tasks-that-require-superuser\/\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/postgresql-16-further-reducing-tasks-that-require-superuser\/\",\"name\":\"PostgreSQL 16: Further reducing tasks that require superuser - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\"},\"datePublished\":\"2022-12-14T09:41:43+00:00\",\"dateModified\":\"2022-12-14T09:41:44+00:00\",\"author\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/postgresql-16-further-reducing-tasks-that-require-superuser\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/postgresql-16-further-reducing-tasks-that-require-superuser\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/postgresql-16-further-reducing-tasks-that-require-superuser\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.dbi-services.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"PostgreSQL 16: Further reducing tasks that require superuser\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66\",\"name\":\"Daniel Westermann\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g\",\"caption\":\"Daniel Westermann\"},\"description\":\"Daniel Westermann is Principal Consultant and Technology Leader Open Infrastructure at dbi services. He has more than 15 years of experience in management, engineering and optimization of databases and infrastructures, especially on Oracle and PostgreSQL. Since the beginning of his career, he has specialized in Oracle Technologies and is Oracle Certified Professional 12c and Oracle Certified Expert RAC\/GridInfra. Over time, Daniel has become increasingly interested in open source technologies, becoming \u201cTechnology Leader Open Infrastructure\u201d and PostgreSQL expert. \u00a0Based on community or EnterpriseDB tools, he develops and installs complex high available solutions with PostgreSQL. He is also a certified PostgreSQL Plus 9.0 Professional and a Postgres Advanced Server 9.4 Professional. He is a regular speaker at PostgreSQL conferences in Switzerland and Europe. Today Daniel is also supporting our customers on AWS services such as AWS RDS, database migrations into the cloud, EC2 and automated infrastructure management with AWS SSM (System Manager). He is a certified AWS Solutions Architect Professional. Prior to dbi services, Daniel was Management System Engineer at LC SYSTEMS-Engineering AG in Basel. Before that, he worked as Oracle Developper &\u00a0Project Manager at Delta Energy Solutions AG in Basel (today Powel AG). Daniel holds a diploma in Business Informatics (DHBW, Germany). His branch-related experience mainly covers the pharma industry, the financial sector, energy, lottery and telecommunications.\",\"sameAs\":[\"https:\/\/x.com\/westermanndanie\"],\"url\":\"https:\/\/www.dbi-services.com\/blog\/author\/daniel-westermann\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"PostgreSQL 16: Further reducing tasks that require superuser - dbi Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/postgresql-16-further-reducing-tasks-that-require-superuser\/","og_locale":"en_US","og_type":"article","og_title":"PostgreSQL 16: Further reducing tasks that require superuser","og_description":"In a previous post we’ve seen that vacuum and analyze operations can be granted to users which are not superuser starting with PostgreSQL 16. Work is still in progress to further reduce maintenance tasks which require superuser privileges. Today another patch was committed which brings even more delegation for maintenance operations. One more, a simple […]","og_url":"https:\/\/www.dbi-services.com\/blog\/postgresql-16-further-reducing-tasks-that-require-superuser\/","og_site_name":"dbi Blog","article_published_time":"2022-12-14T09:41:43+00:00","article_modified_time":"2022-12-14T09:41:44+00:00","author":"Daniel Westermann","twitter_card":"summary_large_image","twitter_creator":"@westermanndanie","twitter_misc":{"Written by":"Daniel Westermann","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/postgresql-16-further-reducing-tasks-that-require-superuser\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/postgresql-16-further-reducing-tasks-that-require-superuser\/"},"author":{"name":"Daniel Westermann","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66"},"headline":"PostgreSQL 16: Further reducing tasks that require superuser","datePublished":"2022-12-14T09:41:43+00:00","dateModified":"2022-12-14T09:41:44+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/postgresql-16-further-reducing-tasks-that-require-superuser\/"},"wordCount":175,"commentCount":0,"keywords":["postgresql"],"articleSection":["Database Administration & Monitoring","Database management"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/postgresql-16-further-reducing-tasks-that-require-superuser\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/postgresql-16-further-reducing-tasks-that-require-superuser\/","url":"https:\/\/www.dbi-services.com\/blog\/postgresql-16-further-reducing-tasks-that-require-superuser\/","name":"PostgreSQL 16: Further reducing tasks that require superuser - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"datePublished":"2022-12-14T09:41:43+00:00","dateModified":"2022-12-14T09:41:44+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66"},"breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/postgresql-16-further-reducing-tasks-that-require-superuser\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/postgresql-16-further-reducing-tasks-that-require-superuser\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/postgresql-16-further-reducing-tasks-that-require-superuser\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"PostgreSQL 16: Further reducing tasks that require superuser"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/8d08e9bd996a89bd75c0286cbabf3c66","name":"Daniel Westermann","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/31350ceeecb1dd8986339a29bf040d4cd3cd087d410deccd8f55234466d6c317?s=96&d=mm&r=g","caption":"Daniel Westermann"},"description":"Daniel Westermann is Principal Consultant and Technology Leader Open Infrastructure at dbi services. He has more than 15 years of experience in management, engineering and optimization of databases and infrastructures, especially on Oracle and PostgreSQL. Since the beginning of his career, he has specialized in Oracle Technologies and is Oracle Certified Professional 12c and Oracle Certified Expert RAC\/GridInfra. Over time, Daniel has become increasingly interested in open source technologies, becoming \u201cTechnology Leader Open Infrastructure\u201d and PostgreSQL expert. \u00a0Based on community or EnterpriseDB tools, he develops and installs complex high available solutions with PostgreSQL. He is also a certified PostgreSQL Plus 9.0 Professional and a Postgres Advanced Server 9.4 Professional. He is a regular speaker at PostgreSQL conferences in Switzerland and Europe. Today Daniel is also supporting our customers on AWS services such as AWS RDS, database migrations into the cloud, EC2 and automated infrastructure management with AWS SSM (System Manager). He is a certified AWS Solutions Architect Professional. Prior to dbi services, Daniel was Management System Engineer at LC SYSTEMS-Engineering AG in Basel. Before that, he worked as Oracle Developper &\u00a0Project Manager at Delta Energy Solutions AG in Basel (today Powel AG). Daniel holds a diploma in Business Informatics (DHBW, Germany). His branch-related experience mainly covers the pharma industry, the financial sector, energy, lottery and telecommunications.","sameAs":["https:\/\/x.com\/westermanndanie"],"url":"https:\/\/www.dbi-services.com\/blog\/author\/daniel-westermann\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/21024","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/29"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=21024"}],"version-history":[{"count":2,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/21024\/revisions"}],"predecessor-version":[{"id":21030,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/21024\/revisions\/21030"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=21024"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=21024"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=21024"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=21024"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}