Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tk9RI-000eEE-1X for pgsql-hackers@arkaria.postgresql.org; Mon, 17 Feb 2025 22:18:08 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tk9RG-0047Ic-Mp for pgsql-hackers@arkaria.postgresql.org; Mon, 17 Feb 2025 22:18:06 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tk9RG-0047IT-AE for pgsql-hackers@lists.postgresql.org; Mon, 17 Feb 2025 22:18:06 +0000 Received: from mail-ot1-x32b.google.com ([2607:f8b0:4864:20::32b]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1tk9RE-001Qx1-0Y for pgsql-hackers@postgresql.org; Mon, 17 Feb 2025 22:18:05 +0000 Received: by mail-ot1-x32b.google.com with SMTP id 46e09a7af769-727295a84c3so304337a34.3 for ; Mon, 17 Feb 2025 14:18:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1739830682; x=1740435482; darn=postgresql.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=+fCfkuewABw/zJw6QG6YojJv+U9GTMUdzucY4gaLmZc=; b=a01PYEl2cWJEb5bC1TJAgqxFtl11ojulxFShZhqn7rR29f68Zv+itpjRWT2M6OXsKo zlVsntwCtEmEBxdysH6heTGxYwD6tKtRmDJg20BDKa/E0h1WY4n6LJyzgvQG4jmKWmjb TWccSgZK9Ut85isFQTiq1DV/qAD1BihxgdVPRHVgUiWY8A/5R2sryVJXxMaO6QyC7MR2 eI5xqFtM4li4RTsTHmSjsN/qslo2WVBxk34N4rdvCRFpG2iksHBPaD04wT28yGBRo5Oe pQD+tuHIkZ9Sdrsx5tQ3P+GZSKcsPtJQzJNIJJ7ZqUapoW8o2vxqjOSUhc5f45C7/TfH KpkQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739830682; x=1740435482; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=+fCfkuewABw/zJw6QG6YojJv+U9GTMUdzucY4gaLmZc=; b=CyYKJTf3RYBHTEhryQjEW3zcUNHOc0RHlSknivK7f1nqgKluys0i4a+AfDh7p7mBMo BaVuckSsM0LALMe9ouAgZKzcL/T/vbbsA3MY8uzgPasmrvb8t2YLh24EC6D5PvosyzxF Q6UrhfmsfWx5JiXwBsCOynE8qDsXniUDWdLG08/+4vSUJHAWX2m7sRBZ8OIfdS4Ou1lB Okrv6GWAxybw8pQDWxC40U4IGJEblxFwxukkbN+aLTq/aR8+i0uzLAwDHSy9Ra5nXC66 ZdrB0z0zaGWmJvOlm80hzIW6MF+nIyD2o6H8XIRzf+lXjH2bGPcDDY9rFGcfEzskVlhD Uxvg== X-Forwarded-Encrypted: i=1; AJvYcCXG2WLAzphV2ceh2+YMkn1haTtoKb/rtetrQmtwQLFXrZJW67w4BbOR+LNEEqM4n72IQuzTeLvmUGksy1WJ@postgresql.org X-Gm-Message-State: AOJu0YzFsYT2S7RD0cgHY7SZ0vwbxPF6ZacIi2hmZAoFjS/0GLR2rz8X 4AUJyhPbPb06810k12HG+8yJuf+3s58iCScPrmfWMcXnNhBEkEwbczuVjKih3XsW7pRVrlOr+p1 u3MXdodAWiW1M+dxFBvbwn6HkXPU= X-Gm-Gg: ASbGncu7LiEYzGfbThcxxSiBrkWl51lLZyn6Dqqfi7/Uz8rcerw6sGRLJUVjL0sV9Tt 9CGahL76dPlwi8qQ3WirSTuByS/aqe8HVmDuSWuI4sCmj7OHOpeo18aAf4p4RtRd4DvSXkok= X-Google-Smtp-Source: AGHT+IEvpW2AAfial44oyc9GQNfiykNdM3ZgQv2M1SG2NaHGEthH5sOnYlkAmctR5QF4AL5RVpEzT71LhTFc+hogh+E= X-Received: by 2002:a54:4506:0:b0:3ea:5880:fe1f with SMTP id 5614622812f47-3f3eb093a16mr7182798b6e.5.1739830682235; Mon, 17 Feb 2025 14:18:02 -0800 (PST) MIME-Version: 1.0 References: <855988.1739816850@sss.pgh.pa.us> <861660.1739819589@sss.pgh.pa.us> <908583.1739822263@sss.pgh.pa.us> <934709.1739829723@sss.pgh.pa.us> In-Reply-To: <934709.1739829723@sss.pgh.pa.us> From: "David G. Johnston" Date: Mon, 17 Feb 2025 15:17:26 -0700 X-Gm-Features: AWEUYZmiCy3_OXimMSygqXc_eifR-t-aF7Fdn7hzAaChYCk3S1ZyqZKR5e9xF4A Message-ID: Subject: Re: Clarification on Role Access Rights to Table Indexes To: Tom Lane Cc: Ayush Vatsa , Robert Haas , PostgreSQL Hackers Content-Type: multipart/alternative; boundary="000000000000c8bae4062e5de532" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --000000000000c8bae4062e5de532 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Mon, Feb 17, 2025 at 3:02=E2=80=AFPM Tom Lane wrote: > Ayush Vatsa writes: > > Thanks Robert for confirming, let me submit a patch to fix the same. > > Well, the first thing you need is consensus on what the behavior > should be instead. > > I have a very vague recollection that we concluded that SELECT > privilege was a reasonable check because if you have that you > could manually prewarm by reading the table. That would lead > to the conclusion that the minimal fix is to look at the owning > table's privileges instead of the index's own privileges. > I feel like if you can blow up the cache by loading an entire table into memory with just select privilege on the table we should be ok with allowing the same person to name an index on the same table and load it into the cache too. David J. --000000000000c8bae4062e5de532 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Mon, Feb 17, 2025 at 3:02=E2=80=AFPM Tom Lane <tgl@sss.pgh.pa.us> wrote:
Ayush Vatsa <ayushvatsa1810@gmail.com> writes= :
> Thanks Robert for confirming, let me submit a patch to fix the same.
Well, the first thing you need is consensus on what the behavior
should be instead.

I have a very vague recollection that we concluded that SELECT
privilege was a reasonable check because if you have that you
could manually prewarm by reading the table.=C2=A0 That would lead
to the conclusion that the minimal fix is to look at the owning
table's privileges instead of the index's own privileges.

I feel like if you can blow up the cache by loadin= g an entire table into memory with just select privilege on the table we sh= ould be ok with allowing the same person to name an index on the same table= and load it into the cache too.

David J.

=
--000000000000c8bae4062e5de532--