Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1tk5gH-00HTGi-Nr
	for pgsql-general@arkaria.postgresql.org; Mon, 17 Feb 2025 18:17:21 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1tk5gG-001FXz-54
	for pgsql-general@arkaria.postgresql.org; Mon, 17 Feb 2025 18:17:20 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <david.g.johnston@gmail.com>)
	id 1tk5gF-001FXM-QE
	for pgsql-general@lists.postgresql.org; Mon, 17 Feb 2025 18:17:19 +0000
Received: from mail-oi1-x234.google.com ([2607:f8b0:4864:20::234])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <david.g.johnston@gmail.com>)
	id 1tk5gD-001MiI-2k
	for pgsql-general@lists.postgresql.org;
	Mon, 17 Feb 2025 18:17:18 +0000
Received: by mail-oi1-x234.google.com with SMTP id 5614622812f47-3f3d9321dccso2783853b6e.3
        for <pgsql-general@lists.postgresql.org>; Mon, 17 Feb 2025 10:17:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1739816237; x=1740421037; darn=lists.postgresql.org;
        h=cc:to:subject:message-id:date:from:references:in-reply-to
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=M/BN0k4KjLMok4Ou/6CFeUl69zO9KdcWF4P4MWyUBm4=;
        b=UoXJI5wWM7SwyhwjWz6WYbvFbz1t2jpaEjm5kcHQkjeVFuioZeBm7xUAwKbnSrAcCj
         YSJMzSNfJ5eu/SPuVYRPxnypyC7v128tGcJN/dfy5Xyyx2eo8TRuLHSd5fT3cGKcTCW5
         0sdcdENlWThkptaa+leqXYhTN/Q9VRNCvSeQLO4F9+gbV1mCXp15/TkcleL/cLSZ2NLp
         yzGPhXmnI5C5/wZdmCOG72IBq74exG256jI443P+FcTrZmexA4mpAYQi4wy6wIErq8pa
         rWWdhSAd6bP+h/C3LDwLXhtwJpTevDaiC1VsWxLhNz1mKqywkfRR+7FNabWNZwK5dz9h
         LSjg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1739816237; x=1740421037;
        h=cc:to:subject:message-id:date:from:references:in-reply-to
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=M/BN0k4KjLMok4Ou/6CFeUl69zO9KdcWF4P4MWyUBm4=;
        b=wri6T9Sss+d1CDhlHWCsFN/FVF/wGumHeUF3pN9FDK3ec1Pzjm8hnYNNSm76kam7TE
         ayZVONMNz8NguEdQsWXI9nPJMTL8IBC2e+ncBu9gaJFvwuDjPYFeghN+nTzVWkIpxBti
         lcPTyePt1qFZePRJBynyb41o4JdRy3o/UmLRPQJPKTl9Rz4i058mafXZk9dnPRkuxJMR
         VxkPHAZvI1t3/C0x+5jivKcAi2+/tuReHGEPhZ3HuhGQ/Vb6GPMkWU1Ra0SEXaJS5u84
         6S5Ln3OJtUNu4XsKASr6usa5LWc/AXmJQivdCE+ZdiRfhnkKThnXrwbkXAVYMUeCVJRA
         jFrw==
X-Gm-Message-State: AOJu0Ywnwsbi89ZQ6I4GQlFcqF4TbANSsaf4kOCQmNYoCXfQc6Awi+VW
	fGpjRaqPMP7g7jxzPHO3nWp4nw+X3iibZpE1fAoqXCbI4u4XbKEsvl1cZXVNRO7gK2vTOyg3wam
	EztEDDMAaabDP445qs8ZwhYU7OBg=
X-Gm-Gg: ASbGnctxePhCmFc5a4KcpH22on6cHoD3a8LreATjPUrytJ9W+rjJPjnAx4KLyDC74KO
	d+/m6OkkkyIKrjezOGbaqOkAWUilEJmYl7m2KEcu0EtwHBggOm/5Zp9YAuNbofQp5tvc/0i8=
X-Google-Smtp-Source: AGHT+IF7Y+EN8cRukjLkK3KWtZejkw2qyzRrEFsaA3Cp33CrhQX2wF1wkLozj4CEIVDoORL9IdLwO1c91xxVKrcbZpM=
X-Received: by 2002:a05:6808:3846:b0:3f3:ca68:57fd with SMTP id
 5614622812f47-3f3eb0a7ae3mr7893835b6e.9.1739816237108; Mon, 17 Feb 2025
 10:17:17 -0800 (PST)
MIME-Version: 1.0
Received: by 2002:a05:6802:108f:b0:589:13f9:e937 with HTTP; Mon, 17 Feb 2025
 10:17:16 -0800 (PST)
In-Reply-To: <CACX+KaMz2ZoOojh0nQ6QNBYx8Ak1Dkoko=D4FSb80BYW+o8CHQ@mail.gmail.com>
References: <CACX+KaMz2ZoOojh0nQ6QNBYx8Ak1Dkoko=D4FSb80BYW+o8CHQ@mail.gmail.com>
From: "David G. Johnston" <david.g.johnston@gmail.com>
Date: Mon, 17 Feb 2025 11:17:16 -0700
X-Gm-Features: AWEUYZk6mGs1YwilOyK53r-3Sa3EveAPDiUVFPp-_pQikIi2R-MXtwTZ8qp_L60
Message-ID: <CAKFQuwaACqunNiK5Xo6qDYK5O-w-6od0xfN4kdu5Z3Bmp1GuDQ@mail.gmail.com>
Subject: Clarification on Role Access Rights to Table Indexes
To: Ayush Vatsa <ayushvatsa1810@gmail.com>
Cc: "pgsql-general@lists.postgresql.org" <pgsql-general@lists.postgresql.org>
Content-Type: multipart/alternative; boundary="000000000000c994c3062e5a8823"
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/CAKFQuwaACqunNiK5Xo6qDYK5O-w-6od0xfN4kdu5Z3Bmp1GuDQ%40mail.gmail.com>
Precedence: bulk

--000000000000c994c3062e5a8823
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Monday, February 17, 2025, Ayush Vatsa <ayushvatsa1810@gmail.com> wrote:

> postgres=3D# CREATE ROLE alpha;
>
> CREATE ROLE
> postgres=3D# GRANT SELECT ON pg_class TO alpha;
>
This is pointless, everyone (i.e. the PUBLIC pseudo-role) can already read
pg_class.

1. Can a role have access rights to a table without having access to its
> index?
>
Roles don=E2=80=99t directly interact with indexes in PostgreSQL so this do=
esn=E2=80=99t
even make sense.  But if you need a yes/no answer, then yes.

>
> 3. If no, and the role inherently gets access to the index when granted
> access to the table, why
> does the pg_prewarm call fail [1] in the above scenario?
>
> [1] https://github.com/postgres/postgres/blob/master/contrib
> /pg_prewarm/pg_prewarm.c#L108-L110
>
It fails because AFAICS there is no way for it to work on an index, only
tables.

David J.

--000000000000c994c3062e5a8823
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Monday, February 17, 2025, Ayush Vatsa &lt;<a href=3D"mailto:ayushvatsa1=
810@gmail.com" target=3D"_blank">ayushvatsa1810@gmail.com</a>&gt; wrote:<br=
><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1=
px #ccc solid;padding-left:1ex"><div dir=3D"ltr"><p>postgres=3D# CREATE ROL=
E alpha;<br></p><p>CREATE ROLE<br>postgres=3D# GRANT SELECT ON pg_class TO =
alpha;</p></div></blockquote><div>This is pointless, everyone (i.e. the PUB=
LIC pseudo-role) can already read pg_class.</div><div><br></div><blockquote=
 class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc soli=
d;padding-left:1ex"><div dir=3D"ltr"><p>1. Can a role have access rights to=
 a table without having access to its index?<br></p></div></blockquote><div=
>Roles don=E2=80=99t directly interact with indexes in PostgreSQL so this d=
oesn=E2=80=99t even make sense.=C2=A0 But if you need a yes/no answer, then=
 yes.=C2=A0<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 =
0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir=3D"ltr"><p><br=
>3. If no, and the role inherently gets access to the index when granted ac=
cess to the table, why<br>does the <code>pg_prewarm</code> call fail [1] in=
 the above scenario?<br><br>[1]=C2=A0<a href=3D"https://github.com/postgres=
/postgres/blob/master/contrib/pg_prewarm/pg_prewarm.c#L108-L110" target=3D"=
_blank">https://github.com/postgre<wbr>s/postgres/blob/master/contrib<wbr>/=
pg_prewarm/pg_prewarm.c#L108-<wbr>L110</a></p></div></blockquote><div>It fa=
ils because AFAICS there is no way for it to work on an index, only tables.=
</div><div><br></div><div>David J.</div><div><br></div><blockquote class=3D=
"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding=
-left:1ex">
</blockquote>

--000000000000c994c3062e5a8823--