Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tk622-00HWl2-Sz for pgsql-general@arkaria.postgresql.org; Mon, 17 Feb 2025 18:39:50 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tk621-001Uzw-7W for pgsql-general@arkaria.postgresql.org; Mon, 17 Feb 2025 18:39:49 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tk620-001Uzd-Sc for pgsql-general@lists.postgresql.org; Mon, 17 Feb 2025 18:39:48 +0000 Received: from mail-ed1-x52c.google.com ([2a00:1450:4864:20::52c]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1tk61y-001Oxq-25 for pgsql-general@lists.postgresql.org; Mon, 17 Feb 2025 18:39:48 +0000 Received: by mail-ed1-x52c.google.com with SMTP id 4fb4d7f45d1cf-5e0373c7f55so4174338a12.0 for ; Mon, 17 Feb 2025 10:39:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1739817585; x=1740422385; darn=lists.postgresql.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=0fXIFc/0vGL0bYnpOcSftHpGt5RRaRX2Jr24kmlSbjI=; b=YgfdaTXBaml6R6SvXj4iqxXfqOPGxxauqXKTOkN+dDo3h7+EFNOWcpLznc3VzGIHxL pz+exg1VHQK4rZEwaU5XhumvXWyOI6TBl/TZU2DVWf7jpoYuAwFNnj0kkMAAmXvbIKZt fwRZ6+ZX/2JQeoMkZVjF9y/jnQA8/tIuA5MUYV+YUz/o4bUHk4qz1nraa5vcoYj7IBvm b8NgIaU33q+7rlzR5Do8tP/YQ5RlWoJu6yaR/Js9h9SOIWrx+Qb51HUc8Y0dm8MoEBNW IwuPAXDpP/23DbuUElf0cHFD2JuobecNvX4NyZN2hxfJ5AS6nI6WVyxY4MTPTY0VwekK rh7g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739817585; x=1740422385; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=0fXIFc/0vGL0bYnpOcSftHpGt5RRaRX2Jr24kmlSbjI=; b=Zup6nAfUhAbZDT1Rjrp/1kqaBfEXjharSnShRSxtn5Sn/mkGBmrD4Eob4lZJnjXLov IeyhfplcCeN+D1T/rS1Hfzv3LbdNPjtxDqxNsIgtJKyq8SvHMIX3NtL6jQh7LjV9EWLJ AOl6v0uYW61FXNicxCLGb+MfW6JLOAfGQPddboBYUIbtokp3qKxsMyggfZWmTpIHz1u7 rssI9SdG2FnCzM9+PhtAXaHb81W6ENwM8laYO9aEs21uilIEakllzbdPKHLKntA6xLze Ij51NBxlc6F4sT+BcKZXWB5OKNOyEaXWlCZFHXYgyMvFGgDaxApulYB3cq+FY9VwqGqO hAoQ== X-Gm-Message-State: AOJu0YxCkxhFLUHZK46RNZJFtWL75r34hbdU5p+wGn2SLIaF5rRvTF9o HQUDO4iAaa2QggIr4Z17LEKBv4Edq27KNqfrCHHXAoiQiFAweEvpbCPX+BeZu2zNk+IdLbMonzT wcViS4pauZrWJ+0vLnbnYbMiWXB0= X-Gm-Gg: ASbGncvdw9D2FHpoxiAezDQCN9UT1rGUl2PQnAxoMNZXgG0l0mZjcqHFTDAmS3q8yRU vC/vtwDOCggIOYCw9eZmZEqhP6IlVX1vgCzhpZ1UbDTg+BFLzDFgAvtUbdy3pwhGQv4YkbQ== X-Google-Smtp-Source: AGHT+IHo1S7F0TUJi544uM6L4O2FEahnUIrEL3SbZvrU5JY88yMHTsqPx2yTiY0snEHPtat9qQ1uYG2sunCfGZ9PIlI= X-Received: by 2002:a17:907:7717:b0:ab7:758c:b398 with SMTP id a640c23a62f3a-abb70b7676fmr776021266b.20.1739817585278; Mon, 17 Feb 2025 10:39:45 -0800 (PST) MIME-Version: 1.0 References: <855988.1739816850@sss.pgh.pa.us> In-Reply-To: <855988.1739816850@sss.pgh.pa.us> From: Ayush Vatsa Date: Tue, 18 Feb 2025 00:09:33 +0530 X-Gm-Features: AWEUYZnK_s1mqwNw_d2BQUcqMp3tUS42AvGK6_ZomQ2hlkN6FbnEQHcOf0auYwg Message-ID: Subject: Re: Clarification on Role Access Rights to Table Indexes To: Tom Lane , "David G. Johnston" , Robert Haas Cc: pgsql-general@lists.postgresql.org Content-Type: multipart/alternative; boundary="000000000000250807062e5ad97a" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --000000000000250807062e5ad97a Content-Type: text/plain; charset="UTF-8" > This is pointless, everyone (i.e. the PUBLIC pseudo-role) can already read pg_class. True, Just checked that. > It fails because AFAICS there is no way for it to work on an index, only tables. pg_prewarm extension works on index if we have right (SELECT) privileges postgres=# CREATE TABLE x(id INT); CREATE TABLE postgres=# CREATE INDEX idx ON x(id); CREATE INDEX postgres=# INSERT INTO x SELECT * FROM generate_series(1,10000); INSERT 0 10000 postgres=# SELECT pg_prewarm('x'); pg_prewarm ------------ 45 (1 row) postgres=# SELECT pg_prewarm('idx'); pg_prewarm ------------ 30 (1 row) > It seems like ownership of the table would be more appropriate, or maybe > access to one of the built-in roles like pg_maintain. True, adding Robert Haas (author) to this thread for his opinion. Regards, Ayush Vatsa SDE AWS --000000000000250807062e5ad97a Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
>=C2=A0This is pointless, everyone (i.e.= the PUBLIC pseudo-role) can already read pg_class.
True, Just checked t= hat.

>=C2=A0It fails because AFAICS there is no way for = it to work on an index, only tables.
pg_prewarm extension works on index= if we have right (SELECT) privileges
postgres=3D# CREATE TABLE x= (id INT);
CREATE TABLE
postgres=3D# CREATE INDEX idx ON x(id);
CRE= ATE INDEX

postgres=3D# INSERT INTO x SELECT * FROM generate_s= eries(1,10000);
INSERT 0 10000
postgres=3D# SELECT pg_prewarm('x&= #39;);
=C2=A0pg_prewarm
------------
=C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A045
(1 row)

postgres=3D# SELECT pg_prewarm('idx');=C2=A0pg_prewarm
------------
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A030=
(1 row)

> It seems like ownership of the ta= ble would be more appropriate, or maybe
> access to one of the buil= t-in roles like pg_maintain.
True, adding Robert Haas (author) to this t= hread for his opinion.

Regards,
Ayush Vatsa
SDE AWS
--000000000000250807062e5ad97a--