Re: Clarification on Role Access Rights to Table Indexes

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Robert Haas <[email protected]>
To: David G. Johnston <[email protected]>
Cc: Tom Lane <[email protected]>
Cc: Ayush Vatsa <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Subject: Re: Clarification on Role Access Rights to Table Indexes
Date: Tue, 18 Feb 2025 10:13:03 -0500
Message-ID: <CA+TgmoZG71zBpLOfCGZqGhtp=88z6=YYhi54TEsCtKr3v+UpoA@mail.gmail.com> (raw)
In-Reply-To: <CAKFQuwZThU_Z-Zw+3mr+ecp1BVOw777dp3nXU5-wTVk3kS10gw@mail.gmail.com>
References: <CACX+KaMz2ZoOojh0nQ6QNBYx8Ak1Dkoko=D4FSb80BYW+o8CHQ@mail.gmail.com>
	<[email protected]>
	<CAKFQuwZ+EsCJHmBVdHeJ2XUWUBSGtN8k2icrX2hrPR=m7sLNGg@mail.gmail.com>
	<[email protected]>
	<CACX+KaMiZaFWVxYzZ_Lw-EBKgiO5GEBHmHREqs=GDpM88hRqdw@mail.gmail.com>
	<[email protected]>
	<CA+TgmobSc_x6thvXZvHoni5Gs5-wsxyTRiOMKoeuX5br0PCtDA@mail.gmail.com>
	<CACX+KaPv4apqG3=Ef+FB9nn4C4cd6Z+604ej0PPOHKExH45u2A@mail.gmail.com>
	<[email protected]>
	<CAKFQuwZThU_Z-Zw+3mr+ecp1BVOw777dp3nXU5-wTVk3kS10gw@mail.gmail.com>

On Mon, Feb 17, 2025 at 5:18 PM David G. Johnston
<[email protected]> wrote:
>> I have a very vague recollection that we concluded that SELECT
>> privilege was a reasonable check because if you have that you
>> could manually prewarm by reading the table.  That would lead
>> to the conclusion that the minimal fix is to look at the owning
>> table's privileges instead of the index's own privileges.
>
> I feel like if you can blow up the cache by loading an entire table into memory with just select privilege on the table we should be ok with allowing the same person to name an index on the same table and load it into the cache too.

+1.

-- 
Robert Haas
EDB: http://www.enterprisedb.com

view thread (15+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected], [email protected]
  Subject: Re: Clarification on Role Access Rights to Table Indexes
  In-Reply-To: <CA+TgmoZG71zBpLOfCGZqGhtp=88z6=YYhi54TEsCtKr3v+UpoA@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox