AWS redshift documentation change
Summary
Added CREATE privilege requirement for schema during full recompute operations
Security assessment
Documents new permission requirement but doesn't address a specific vulnerability. Improves security posture by clarifying least-privilege needs.
Diff
diff --git a/redshift/latest/dg/materialized-view-refresh-sql-command.md b/redshift/latest/dg/materialized-view-refresh-sql-command.md index 57e91f88a..62bac39bc 100644 --- a//redshift/latest/dg/materialized-view-refresh-sql-command.md +++ b//redshift/latest/dg/materialized-view-refresh-sql-command.md @@ -46,0 +47,2 @@ Only the owner of a materialized view can perform a `REFRESH MATERIALIZED VIEW` +When a materialized view requires a full recompute, the owner must also have CREATE privilege on the schema that contains the materialized view. A full recompute can be triggered by operations such as VACUUM or TRUNCATE on base tables. +