Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1tk8lb-000USU-3U
	for pgsql-hackers@arkaria.postgresql.org; Mon, 17 Feb 2025 21:35:03 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1tk8lZ-003ShM-AI
	for pgsql-hackers@arkaria.postgresql.org; Mon, 17 Feb 2025 21:35:01 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <robertmhaas@gmail.com>)
	id 1tk8lY-003Sgt-TF
	for pgsql-hackers@lists.postgresql.org; Mon, 17 Feb 2025 21:35:00 +0000
Received: from mail-ej1-x62d.google.com ([2a00:1450:4864:20::62d])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <robertmhaas@gmail.com>)
	id 1tk8lX-001OJz-0W
	for pgsql-hackers@postgresql.org;
	Mon, 17 Feb 2025 21:34:59 +0000
Received: by mail-ej1-x62d.google.com with SMTP id a640c23a62f3a-ab78e6edb99so726651866b.2
        for <pgsql-hackers@postgresql.org>; Mon, 17 Feb 2025 13:34:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1739828098; x=1740432898; darn=postgresql.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=FTMS1gEact/IV2SGd3mUMObgewQRR9ZF3iFQ/o65s94=;
        b=kuG4qHrlXiBw3tL7QS2SuIdRyXR6eSJxmb+9oduTXCcLTpgEo+r8UsDOO29jy4jr9m
         G7u1rCSPm81IilbxB3dPhzurkjNjDdKoh9IaVMwd206k+pBi4lNvszRzuCq9dsV15Jc/
         KU1hEHiAJ6Np6z+SH72OeC0E+v1wVBi4pYwmZ9PrcG6thrN3SXIEcg/bCZphnw6rXMQ6
         YCY9XaaHb9ONzj0AnfODacI9zGdfJSoChtO6y1ZkyDzWgbHne0zFsNMLQhBvTWNxKmvx
         XVg6qa0D3XlgU7BTAnzncNcyICtbYRYoZKdXet7yLVaj5YClmTQbphzPo0D7WvENaWBG
         gGvw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1739828098; x=1740432898;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=FTMS1gEact/IV2SGd3mUMObgewQRR9ZF3iFQ/o65s94=;
        b=fK0IhaK2a4rDRmZrLeTuc2yq6zsibGQbaquNLxIt7muUMviMlWvXDcbPC19KOwaM+I
         8niUrRpxkLasSuvn91GHPmpBpGMkPCB8nzMcMgSYOuC7f2cgkaTdTNFe+OJbw3ukKwKT
         qiAlxIdeF61eQZ1UTFmauHCzjPyrOZJWReAmDiCsyqku7uEgQUua2DAVhF3kZW17yHnt
         tiXKRvcvQntGBimNw5pUb/HfF75Da5f71Zw6E8wnPGf4/S0uy4vg1OcvYYH9dJ3QyvNg
         sCEfOsjMu9w2wNM3ZGynwQLTNJMOtr8H80wZioAsbZBGSDL6cAA7in230RGkKFXaoVkR
         uPeA==
X-Forwarded-Encrypted: i=1; AJvYcCVjqikMwKNA2MmpyzY9wKMMDR84QHkk3vPDvqZ1AQc5AR1biVll+27bFIyfdCmmh7BSOnXzR4zae7hUYBuC@postgresql.org
X-Gm-Message-State: AOJu0Yy0syGKAnPcSY91U3iLVPt5mKdgwhJtuk8R8EJYiw0u/W9pcaWn
	3tm8ZpgMQz0jKyRiX3oGUX0+T+t6Yp5jzwFwnpuRI38B+et+Hw5N6cAKwZAeAeDUjItUyOnHnBm
	Yk3kl1bKHAvERuZbUbWaagHo3+jo=
X-Gm-Gg: ASbGnctqALH4EsSjMYnKwyJAGSdH2tYcd1emeOHpFWLzaxzrg7QhU5v5xDYEJZw5AN4
	ZYkVE7PcR/IQg3Avgs+IpmraDED7CrLEJFYw3QGq6TQydGPu//h4uEDCLWEf9QjI5JBLJ4DA1
X-Google-Smtp-Source: AGHT+IFsJxQepO9amJVZzPtWYwCCZ9r/1Wk40leLQeqzysb55CfGkdJSHX+bJDT6N2+lLDyvKfCOPqBE5GglVHb4UDw=
X-Received: by 2002:a17:906:7312:b0:aba:620a:acf8 with SMTP id
 a640c23a62f3a-abb70b3d134mr1134782466b.24.1739828097437; Mon, 17 Feb 2025
 13:34:57 -0800 (PST)
MIME-Version: 1.0
References: <CACX+KaMz2ZoOojh0nQ6QNBYx8Ak1Dkoko=D4FSb80BYW+o8CHQ@mail.gmail.com>
 <855988.1739816850@sss.pgh.pa.us> <CAKFQuwZ+EsCJHmBVdHeJ2XUWUBSGtN8k2icrX2hrPR=m7sLNGg@mail.gmail.com>
 <861660.1739819589@sss.pgh.pa.us> <CACX+KaMiZaFWVxYzZ_Lw-EBKgiO5GEBHmHREqs=GDpM88hRqdw@mail.gmail.com>
 <908583.1739822263@sss.pgh.pa.us>
In-Reply-To: <908583.1739822263@sss.pgh.pa.us>
From: Robert Haas <robertmhaas@gmail.com>
Date: Mon, 17 Feb 2025 16:34:45 -0500
X-Gm-Features: AWEUYZlQTw-0ljNK7011lg_wICCaVxwMFmwpGlvbD8UzXGjS5zmajUlGDbO4hGM
Message-ID: <CA+TgmobSc_x6thvXZvHoni5Gs5-wsxyTRiOMKoeuX5br0PCtDA@mail.gmail.com>
Subject: Re: Clarification on Role Access Rights to Table Indexes
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Ayush Vatsa <ayushvatsa1810@gmail.com>, 
	"David G. Johnston" <david.g.johnston@gmail.com>, 
	PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: <https://www.postgresql.org/message-id/CA%2BTgmobSc_x6thvXZvHoni5Gs5-wsxyTRiOMKoeuX5br0PCtDA%40mail.gmail.com>
Precedence: bulk

On Mon, Feb 17, 2025 at 2:57=E2=80=AFPM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Ayush Vatsa <ayushvatsa1810@gmail.com> writes:
> >> As it stands, a superuser can prewarm an index (because she bypasses a=
ll
> >> privilege checks including this one), but nobody else can.
>
> > That's not fully true. Any role can prewarm an index if the role has th=
e
> > correct privileges.
>
> Ah, right.  An index will have null pg_class.relacl, which'll be
> interpreted as "owner has all rights", so it will work for the
> table owner too.  Likely this explains the lack of prior complaints.
> It's still a poor design IMO.

I'm not sure if I'd call that a "design". Sounds like I just made a
mistake here.

--=20
Robert Haas
EDB: http://www.enterprisedb.com