  1. Apache HAWQ (Retired)
  2. HAWQ-24

Support superuser to GRANT/REVOKE CREATION privilege to/from non-superuser on TABLESPACE


Details

    • Type: Wish
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: backlog
    • Component/s: DDL, Storage
    • Labels: None

    Description

      It raises error "Cannot support GRANT/REVOKE on TABLESPACE statement" while following the HAWQ guide (http://hawq.docs.pivotal.io/docs-gpdb/admin_guide/ddl/ddl-tablespace.html) to GRANT/REVOKE CREATION privilege to/from non-superuser on TABLESPACE.

      gpadmin=# GRANT CREATE ON TABLESPACE fstbs TO tstuser;
      ERROR:  Cannot support GRANT/REVOKE on TABLESPACE statement
      

      As a consequence, with the user as SUPERUSER it is possible to create tables on top of the tablespace, but with a user as NOSUPERUSER it's not possible:

      tstuser=> CREATE TABLE testfs3 ( col01 INTEGER ) TABLESPACE fstbs;
      NOTICE:  Table doesn't have 'DISTRIBUTED BY' clause -- Using column named 'col01' as the Greenplum Database data distribution key for this table.
      HINT:  The 'DISTRIBUTED BY' clause determines the distribution of data. Make sure column(s) chosen are the optimal data distribution key to minimize skew.
      ERROR:  permission denied for tablespace fstbs
      
      gpadmin=# alter user tstuser with superuser;
      ALTER ROLE
      
      [gpadmin@ai2hdm1 ~]$ psql -d tstuser -U tstuser
      Password for user tstuser: 
      psql (8.2.15)
      Type "help" for help.
      
      tstuser=# CREATE TABLE testfs3 ( col01 INTEGER ) TABLESPACE fstbs;
      NOTICE:  Table doesn't have 'DISTRIBUTED BY' clause -- Using column named 'col01' as the Greenplum Database data distribution key for this table.
      HINT:  The 'DISTRIBUTED BY' clause determines the distribution of data. Make sure column(s) chosen are the optimal data distribution key to minimize skew.
      CREATE TABLE
      

      Due to security consideration, it is not acceptable for some HAWQ users to always use SUPERUSER to create TABLESPACE. Thus, we need to support:
      1. Superuser can GRANT/REVOKE CREATION privilege to/from non-superuser on TABLESPACE.
      2. Non-superuser can create TABLESPACE once it is granted with creation privilege.
      3. Non-superuser to GRANT/REVOKE CREATION privilege on TABLESPACE to other users.
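
      The delegation requested above, sketched as an added example (not part of the original ticket and not HAWQ code). It uses stock PostgreSQL tablespace-privilege syntax and assumes HAWQ would adopt the same semantics; `tstuser2` is a hypothetical second role, while `fstbs` and `tstuser` are the names from the report.

```sql
-- Assumption: stock PostgreSQL GRANT/REVOKE semantics for tablespaces.
-- HAWQ, as reported in this ticket, rejects the GRANT below.

-- As superuser (gpadmin): undo the workaround from the report, then
-- delegate only CREATE on the one tablespace.
ALTER ROLE tstuser NOSUPERUSER;
GRANT CREATE ON TABLESPACE fstbs TO tstuser WITH GRANT OPTION;

-- Check the effective privilege before handing the role to the user.
SELECT has_tablespace_privilege('tstuser', 'fstbs', 'CREATE') AS can_create;

-- As tstuser (non-superuser): place a table in the tablespace and pass
-- the privilege on, which the grant option permits.
CREATE TABLE testfs3 ( col01 INTEGER ) TABLESPACE fstbs;
GRANT CREATE ON TABLESPACE fstbs TO tstuser2;  -- tstuser2: hypothetical role

-- As superuser: audit who holds privileges on the tablespace.
-- spcacl entries read grantee=privs/grantor; C = CREATE, C* = CREATE
-- with grant option.
SELECT spcname,
       pg_get_userbyid(spcowner) AS owner,
       spcacl
FROM   pg_tablespace
WHERE  spcname = 'fstbs';

-- Audit which roles still carry SUPERUSER after the change.
SELECT rolname FROM pg_roles WHERE rolsuper;

-- Revoke from tstuser. CASCADE also removes the grant tstuser made to
-- tstuser2; without it the REVOKE fails while dependent grants exist.
REVOKE CREATE ON TABLESPACE fstbs FROM tstuser CASCADE;

-- Confirm both roles lost the privilege.
SELECT has_tablespace_privilege('tstuser',  'fstbs', 'CREATE') AS tstuser_can_create,
       has_tablespace_privilege('tstuser2', 'fstbs', 'CREATE') AS tstuser2_can_create;
```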


          People

            lei_chang Lei Chang
            huor Ruilong Huo