KingbaseESV8R6普通用户无权限执行vacuum
背景
数据库日志有如下提示:
WARNING: skipping "pivot_t1" --- only table or database owner can vacuum it
从提示可以看出,有用户对表pivot_t1进行vacuum操作时,出现了权限问题。
测试
TEST=# \c - ud;
You are now connected to database "TEST" as user "ud".
TEST=>
TEST=> vacuum pivot_t1;
WARNING: skipping "pivot_t1" --- only table or database owner can vacuum it
VACUUM
TEST=> \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------------------+------------
u1 | | {role01}
ud | | {role01}
TEST=> \dn
List of schemas
Name | Owner
------------------+--------
ud | system
1.把system的权限授予给用户ud
TEST=> \c - system
You are now connected to database "TEST" as user "system".
TEST=# grant system to ud;
GRANT ROLE
TEST=#
TEST=# \c - ud
You are now connected to database "TEST" as user "ud".
TEST=> vacuum pivot_t1;
VACUUM
TEST=> \c - system
You are now connected to database "TEST" as user "system".
TEST=# revoke system from ud;
REVOKE ROLE
TEST=#
TEST=# \c - ud
You are now connected to database "TEST" as user "ud".
TEST=> vacuum pivot_t1;
WARNING: skipping "pivot_t1" --- only table or database owner can vacuum it
VACUUM
2.更改用户ud为超级用户
TEST=# alter user ud with superuser;
ALTER ROLE
TEST=# \c - ud
You are now connected to database "TEST" as user "ud".
TEST=# vacuum pivot_t1;
VACUUM
查看ud用户权限
TEST=# \du
List of roles
ud | Superuser | {role01}
结论
只有superuser权限的用户可以对表执行vacuum操作,不建议单独授予此权限,此权限应由system超级用户统一管理。
一般常见的业务系统中,autovacuum达到阈值自动触发,无需手工执行vacuum,即使一些场景需要手工执行vacuum,也应由超级用户完成操作。
KINGBASE研究院