Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tk71D-0008zd-6b for pgsql-hackers@arkaria.postgresql.org; Mon, 17 Feb 2025 19:43:03 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tk71B-0029Zn-V7 for pgsql-hackers@arkaria.postgresql.org; Mon, 17 Feb 2025 19:43:01 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tk71B-0029ZD-Iz for pgsql-hackers@lists.postgresql.org; Mon, 17 Feb 2025 19:43:01 +0000 Received: from mail-ed1-x533.google.com ([2a00:1450:4864:20::533]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1tk719-001Pkl-0Y for pgsql-hackers@postgresql.org; Mon, 17 Feb 2025 19:43:01 +0000 Received: by mail-ed1-x533.google.com with SMTP id 4fb4d7f45d1cf-5deb1266031so8313495a12.2 for ; Mon, 17 Feb 2025 11:42:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1739821377; x=1740426177; darn=postgresql.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=ZvXB/ft2yBoC+zz3Pg8WVrqVh6NNrt1esmrROKVM25o=; b=TmQ4JNzwC5wZnUlqhgIV13zD6E4KfgTbvx4LBQ23G7ryP+fPkV7og0NDo3E3cG8ZYB 3+UXyIDrcPcGXVWhDCNKyMwBXvrPE7BmtJV0KV4W/Bx7opKkW+X4UcuxLxPLY7f3o4To Nd08p9LtitMBleLdTmMSdllpRWAZdq9Jlpfywz3fM3azhNTAjNM4al66zBuycQe/aOQr B6s3q/pgY/xi51XRxHCHm2moqrLNnq17IV7npzwK60E175jokOkf4EbHAJ+PjIdh/Hb9 7JdDFyPmPEFkA1RpiUUbDL1RFW6Ydh1ye1OpmyiVP2hOybw+vON0e8iwBGbEcho9/Tjh OQ1A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739821377; x=1740426177; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ZvXB/ft2yBoC+zz3Pg8WVrqVh6NNrt1esmrROKVM25o=; b=j8x8g7PozNgYWp71nklz4Eg3Z+rTu9QTBR9JzO3w/LlIIjgDXFVwkuWMp/21GRwo5v FXlSL7NwycPKbFgnicZI6JhXznnaDWOBi4m20daAlKtjoV3HqFQm9gHSSA+AcIQyfrO5 +vHW87CO1QNCNvjapFB/vXjjlZu5aJ9WXnOvElutN03f3rULpYpr5Bxg1+mUyeKrFK/c MMXZQBY9eAV9Y6SHVD2GsXdw8VGM1a9o0bqev5lVp1Ab82lzBQe00gw+3uk/kejJqQkt rA7lH2KMK8fBfY6jZ5UGjr18sCXwSfnMH61XYO9LN6uQsWWXePTGzS7hpTHc80bMV7u0 4mOg== X-Forwarded-Encrypted: i=1; AJvYcCVPbsttdmqDtZi8x4L4IhJdzwIn2opUWNZcijHCgofxXWXYP+259CMyyBV5RyCZ4vjyoSOtwkZrSOXa1GK7@postgresql.org X-Gm-Message-State: AOJu0YwFuRCUdiHwFHEnFIgMQ3EZHl70KB5XIJhvR5eMKlpOsjHujP7T mBD2NPpNlUnZLcre265DJpBILIlF26hmgBnMox8bQojxXrNKr1JYxC4lGHNAfkLUr3ybTAdv5Rd q5erbM5bpI2mR+z62vw1COMU9A+4= X-Gm-Gg: ASbGncsvB/hyetYHgimkVeWMxQBL2oKQCOpRNoj3EPujBWuD/g0vrOfnXNNwccZ6q4O HoQHbAvegk6RUd6eF4P83zCwv04JIqEcRNz3iQ4obnYtRqf4qtTwYtBoWRKvYXWKNubdVUw== X-Google-Smtp-Source: AGHT+IHHcMO+42hQFVEvg+wwBFd6vgvfhPwCG7h7hWy/Q4W3FdcGb0hKS3Wqc5z8SQ35Tb8QxWbIcddrPUFbNv5mHeU= X-Received: by 2002:a05:6402:34cc:b0:5e0:348a:e331 with SMTP id 4fb4d7f45d1cf-5e036044227mr12986153a12.5.1739821376791; Mon, 17 Feb 2025 11:42:56 -0800 (PST) MIME-Version: 1.0 References: <855988.1739816850@sss.pgh.pa.us> <861660.1739819589@sss.pgh.pa.us> In-Reply-To: <861660.1739819589@sss.pgh.pa.us> From: Ayush Vatsa Date: Tue, 18 Feb 2025 01:12:44 +0530 X-Gm-Features: AWEUYZkK34kKCGcyOkGmQqjUFMuTQ6lK2ctaO6Ile05t0VBgajBzUm4BHfwmZ0E Message-ID: Subject: Re: Clarification on Role Access Rights to Table Indexes To: Tom Lane Cc: "David G. Johnston" , PostgreSQL Hackers Content-Type: multipart/alternative; boundary="00000000000022ee8a062e5bbb2b" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --00000000000022ee8a062e5bbb2b Content-Type: text/plain; charset="UTF-8" > As it stands, a superuser can prewarm an index (because she bypasses all > privilege checks including this one), but nobody else can. That's not fully true. Any role can prewarm an index if the role has the correct privileges. postgres=# GRANT CREATE ON SCHEMA PUBLIC TO alpha; GRANT postgres=# SET ROLE alpha; SET postgres=> CREATE TABLE tab(id INT); CREATE TABLE postgres=> CREATE INDEX tab_idx ON tab(id); CREATE INDEX postgres=> SELECT pg_prewarm('tab_idx'); pg_prewarm ------------ 1 (1 row) Don't know what stopped it from prewarming the catalog table index. Maybe it's checking who is the owner of the table. Although in code it's just checking the ACL_SELECT [1]. I will be debugging more here and maybe create a patch for the same. postgres=# RESET ROLE; RESET postgres=# CREATE TABLE superuser_tab(id INT); CREATE TABLE postgres=# CREATE INDEX idx_superuser_tab ON superuser_tab(id); CREATE INDEX postgres=# GRANT SELECT ON superuser_tab TO alpha; GRANT postgres=# SET ROLE alpha; SET postgres=> SELECT pg_prewarm('superuser_tab'); pg_prewarm ------------ 0 (1 row) postgres=> SELECT pg_prewarm('idx_superuser_tab'); ERROR: permission denied for index idx_superuser_tab postgres=> RESET ROLE; RESET postgres=# ALTER TABLE superuser_tab OWNER TO alpha; ALTER TABLE postgres=# SET ROLE alpha; SET postgres=> SELECT pg_prewarm('idx_superuser_tab'); pg_prewarm ------------ 1 (1 row) But I agree we should just check the table privileges even in the case of indexes to decide whether to prewarm or not, as *indexes don't have any privilegesof their own.* > I think -hackers would be the appropriate location for that. I am shifting this to -hackers mailing list instead of general. [1] https://github.com/postgres/postgres/blob/master/contrib/pg_prewarm/pg_prewarm.c#L108-L110 Regards, Ayush Vatsa SDE AWS --00000000000022ee8a062e5bbb2b Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
> As it stands, a superuser can prewarm an index (= because she bypasses all
> privilege checks including this one), but= nobody else can.
That's not fully true. Any role can prewarm= an index if the role has the correct privileges.
postgres=3D# GR= ANT CREATE ON SCHEMA PUBLIC TO alpha;
GRANT
postgres=3D# SET ROLE a= lpha;
SET
postgres=3D> CREATE TABLE tab(id INT);
CREATE TABLEpostgres=3D> CREATE INDEX tab_idx ON tab(id);
CREATE INDEX
postg= res=3D> SELECT pg_prewarm('tab_idx');
=C2=A0pg_prewarm
--= ----------
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 1
(1 row)

Don't know what stopped it from prewarming the catalog table inde= x.
Maybe it's checking who is the owner of the table. Althoug= h in code
it's just checking the ACL_SELECT [1]. I will be debugging= more here
and maybe create a patch for the same.

post= gres=3D# RESET ROLE;
RESET
postgres=3D# CREATE TABLE superuser_tab(id= INT);
CREATE TABLE
postgres=3D# CREATE INDEX idx_superuser_tab ON su= peruser_tab(id);
CREATE INDEX
postgres=3D# GRANT SELECT ON superuser_= tab TO alpha;
GRANT
postgres=3D# SET ROLE alpha;
SET
postgres= =3D> SELECT pg_prewarm('superuser_tab');
=C2=A0pg_prewarm ------------
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 0
(1 row)
= postgres=3D> SELECT pg_prewarm('idx_superuser_tab');
ERROR: = =C2=A0permission denied for index idx_superuser_tab

postgres=3D> RESET ROLE;
RESET
postgres=3D# ALTER TABLE superuse= r_tab OWNER TO alpha;
ALTER TABLE
postgres=3D# SET ROLE alpha;
SET=
postgres=3D> SELECT pg_prewarm('idx_superuser_tab');
=C2= =A0pg_prewarm
------------
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 1
(= 1 row)

But I agree we should just check the table = privileges even in the case of=C2=A0
indexes to decide whether to prewar= m or not, as indexes don't have any privileges
of their own.<= br>
> I think -hackers would be the appropriate location for that.I am shifting this to -hackers mailing list instead of general.

[1]= =C2=A0https://github.com/postgres/postgres/blob= /master/contrib/pg_prewarm/pg_prewarm.c#L108-L110

Regards,
Ay= ush Vatsa
SDE AWS
--00000000000022ee8a062e5bbb2b--