Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1tkPHk-003d1v-Jo
	for pgsql-hackers@arkaria.postgresql.org; Tue, 18 Feb 2025 15:13:20 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1tkPHj-00BKF8-1O
	for pgsql-hackers@arkaria.postgresql.org; Tue, 18 Feb 2025 15:13:19 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <robertmhaas@gmail.com>)
	id 1tkPHi-00BKEz-Nn
	for pgsql-hackers@lists.postgresql.org; Tue, 18 Feb 2025 15:13:18 +0000
Received: from mail-ej1-x630.google.com ([2a00:1450:4864:20::630])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <robertmhaas@gmail.com>)
	id 1tkPHg-001XU6-39
	for pgsql-hackers@postgresql.org;
	Tue, 18 Feb 2025 15:13:17 +0000
Received: by mail-ej1-x630.google.com with SMTP id a640c23a62f3a-aaf0f1adef8so1119750766b.3
        for <pgsql-hackers@postgresql.org>; Tue, 18 Feb 2025 07:13:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1739891595; x=1740496395; darn=postgresql.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=+h2hwFEpbMxgisN6vXQP6sSF+c3M6lSH2PxOJg/ssIY=;
        b=E1gtDu9Gulh8k8hX2jcdtqkI0rNJ6COD3x+KpoR55R92TJntzP/bz/X4o9ujhpj0Al
         Z09B4Mx2Q3Sd0fVvJG4JeKJOIg4Q++K2pUoESA/Tq+vTkz9xumycLgu49MLEiLdUHDsN
         tN7KKFHP8Pc9OMf2yiezv0CVg2f4PLG03KointFIy/EJV8Fa4HJuisqpg7nmgsCkJm50
         v7FXNIyxA6BjbqP1W7ccVNMejsLVTKrRhotvzWD5rixjiN8Vvrmx+Phe4qHtFM3vQhE5
         cHWP8M05X6tCJfBeerwAqB0SZalShTmIKPrCyqi7OtugBiWShpqE0xiOW3xjVwb/Z9p3
         H3iQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1739891595; x=1740496395;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=+h2hwFEpbMxgisN6vXQP6sSF+c3M6lSH2PxOJg/ssIY=;
        b=pTONQmEj4zWbQpUodXPpFRH+Ls09FfolSV54pAe83sCH8eyaV2Phfae5B1fseAAz96
         KpoAKoPaNN2Vb+hqy/HeFD7Z9tTv0ps3M/rcarh4uNOUWujQFBsEGwI3Es9WZYNusGIC
         +DB5MNUQaW4EZUUft1iy2vLwRNze+yJ/Evq4xMhgtDFLb10XiIeFNqK31tNsef14mXMK
         HB0TI4ied+wSUUpnA1s35D7Uv7VpnaliX3Mg5vGSevCpi8Sptfol6fHVE50EG/JyU+sl
         g52XWKotiLmAPbCzkXhna/5q5W3AaqQTryWy2yW24a4+jX3JtHJBkpKr4AiWFJt8BxRF
         6/1Q==
X-Forwarded-Encrypted: i=1; AJvYcCXXo0aPxeUrZirfNul3/UVLHIs2F5Gw/I3E8GYpEB1B1en+q7mE/+tKpwAay4SgoN3uUhrTw/VKFwSY42Cf@postgresql.org
X-Gm-Message-State: AOJu0Yxdz4ZA9uLK4ngSyny+SvToqzQnbqeoG1wITp239fiQ56Jx9AmW
	IjDv4GK67z69GdN4WtLmCjjqudCm50QQHTlBWYFBV6r66L832CP13Aya0g0PFINKFPCPwHFx5po
	rerE8l/lC5IGxvdVtbbYpczCGOLE=
X-Gm-Gg: ASbGncvSbpbMU/LcG9WPw7B4Nrs+WXWBVHraExrfpeQtAxtAoDXVRdiqJhOIiLVGwmP
	UpeWyzPfPw3aflP7i0O3SaBjE12htbKs7D7DkUUWOVGRfiuz1yyn4GaC1MhxRCE6t5Cu+I0fb
X-Google-Smtp-Source: AGHT+IEUK3Z48o6sihYDAPzwmnbXMHS8hY8ASn3vOP+3JUlWjzJY/KQpd0i9giyZU1zvfly2mPibdX1jnaRI0Itp8ag=
X-Received: by 2002:a17:907:2da7:b0:ab7:eff8:f92e with SMTP id
 a640c23a62f3a-abb70d36233mr1359257166b.21.1739891595169; Tue, 18 Feb 2025
 07:13:15 -0800 (PST)
MIME-Version: 1.0
References: <CACX+KaMz2ZoOojh0nQ6QNBYx8Ak1Dkoko=D4FSb80BYW+o8CHQ@mail.gmail.com>
 <855988.1739816850@sss.pgh.pa.us> <CAKFQuwZ+EsCJHmBVdHeJ2XUWUBSGtN8k2icrX2hrPR=m7sLNGg@mail.gmail.com>
 <861660.1739819589@sss.pgh.pa.us> <CACX+KaMiZaFWVxYzZ_Lw-EBKgiO5GEBHmHREqs=GDpM88hRqdw@mail.gmail.com>
 <908583.1739822263@sss.pgh.pa.us> <CA+TgmobSc_x6thvXZvHoni5Gs5-wsxyTRiOMKoeuX5br0PCtDA@mail.gmail.com>
 <CACX+KaPv4apqG3=Ef+FB9nn4C4cd6Z+604ej0PPOHKExH45u2A@mail.gmail.com>
 <934709.1739829723@sss.pgh.pa.us> <CAKFQuwZThU_Z-Zw+3mr+ecp1BVOw777dp3nXU5-wTVk3kS10gw@mail.gmail.com>
In-Reply-To: <CAKFQuwZThU_Z-Zw+3mr+ecp1BVOw777dp3nXU5-wTVk3kS10gw@mail.gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
Date: Tue, 18 Feb 2025 10:13:03 -0500
X-Gm-Features: AWEUYZnkbExk1FhriguN5avvt_mTQVmMrMeEhrR4KeON19taWQAzCZGtykGja08
Message-ID: <CA+TgmoZG71zBpLOfCGZqGhtp=88z6=YYhi54TEsCtKr3v+UpoA@mail.gmail.com>
Subject: Re: Clarification on Role Access Rights to Table Indexes
To: "David G. Johnston" <david.g.johnston@gmail.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Ayush Vatsa <ayushvatsa1810@gmail.com>, 
	PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: <https://www.postgresql.org/message-id/CA%2BTgmoZG71zBpLOfCGZqGhtp%3D88z6%3DYYhi54TEsCtKr3v%2BUpoA%40mail.gmail.com>
Precedence: bulk

On Mon, Feb 17, 2025 at 5:18=E2=80=AFPM David G. Johnston
<david.g.johnston@gmail.com> wrote:
>> I have a very vague recollection that we concluded that SELECT
>> privilege was a reasonable check because if you have that you
>> could manually prewarm by reading the table.  That would lead
>> to the conclusion that the minimal fix is to look at the owning
>> table's privileges instead of the index's own privileges.
>
> I feel like if you can blow up the cache by loading an entire table into =
memory with just select privilege on the table we should be ok with allowin=
g the same person to name an index on the same table and load it into the c=
ache too.

+1.

--=20
Robert Haas
EDB: http://www.enterprisedb.com