Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1tpYSd-007oAC-PN
	for pgsql-hackers@arkaria.postgresql.org; Tue, 04 Mar 2025 20:01:51 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1tpYSc-006irb-3H
	for pgsql-hackers@arkaria.postgresql.org; Tue, 04 Mar 2025 20:01:50 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <nathandbossart@gmail.com>)
	id 1tpYSb-006iqf-Oi
	for pgsql-hackers@lists.postgresql.org; Tue, 04 Mar 2025 20:01:49 +0000
Received: from mail-il1-x131.google.com ([2607:f8b0:4864:20::131])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <nathandbossart@gmail.com>)
	id 1tpYSY-000xfd-01
	for pgsql-hackers@postgresql.org;
	Tue, 04 Mar 2025 20:01:49 +0000
Received: by mail-il1-x131.google.com with SMTP id e9e14a558f8ab-3d19e40a891so20889815ab.3
        for <pgsql-hackers@postgresql.org>; Tue, 04 Mar 2025 12:01:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1741118504; x=1741723304; darn=postgresql.org;
        h=in-reply-to:content-transfer-encoding:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date:from:to
         :cc:subject:date:message-id:reply-to;
        bh=Zs21QnAa0MCDjWmkK2qaeWWBpqaWCtg4qEX93P6LbO8=;
        b=GnjbiADO1qAQ+WaO/zMW/Elmk6qWGUUZWbTjP6n5eGg6ml8v+U0hTuHnmsjG6iM2gw
         hwkhMy+LLicRkwHyZlgdLkuRQyDTQBvyB8wS4cVruhlqE+RYY9n1hBiUGETUOcFszYxW
         0BQ3gn/u04/f+USrGnqYsMQLt/wC51jAhnQiljS4UltFyVz+vHRoWtEBGzL2D7CNJabN
         5mVR9V4iA5ZP8t0cgPfae9FOEOmNGQBJi6DUTxIaIvgsUp7D3K9oFUgHhC1jTW6bS0Bw
         AtuFWdnWqhrO+Taq6JB9MkJ1oyxWsWT2I85bi0dYVGsChk+KtVWXAu/3KdMxI19cFokT
         XvHg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1741118504; x=1741723304;
        h=in-reply-to:content-transfer-encoding:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=Zs21QnAa0MCDjWmkK2qaeWWBpqaWCtg4qEX93P6LbO8=;
        b=gSaRWaB1zdntY2chNKVQ8nknOB4hUEaf5iSbTxYVOKjMVzEIKPcNV54MBBujl7ERuu
         7rXULV8BirSL0xuLomsZeZGMrUT3HZ8+mch4Owe7CnlLodBlFB9QRhOESyH3pUKzAb43
         OWZClxzPm9nxw3H9OQY6rdQ7ztqVC3rd3A1q1orBBhx4KjsuJm34TqCJfM6ZCF/B2neH
         LaYuGBqmMgr3Hvcj8IV37Xw9wHgelb82ru/EJry4HvUf66+Gu5bgm0S5wxoDtHiXCvI3
         vFeBLMBqtwBc2uXBMTbx/KxHbRFUeD3T3f62AJmpXewCA7TNuYwViCpRvyFTSV+yDoN3
         CdIQ==
X-Forwarded-Encrypted: i=1; AJvYcCXqSwjM5/4g0wFik0qboSa6A1YlAQbPSY41oQ+9ftvhsQw6FQVZMglMfEXk5jJr4+kHe9ZREbCBDJkxNVoR@postgresql.org
X-Gm-Message-State: AOJu0Yzink83vEGFf8AkNwYBPh4+XE3Y4up2aw9wjiPjTXZv7cpzDW6Y
	FS5++rgNCYkVw+x5DtYG4IcQTOsYmPk7dYC1v+TqITO+AwOmm4UE
X-Gm-Gg: ASbGnct+dkytmOT2gAjosZQWGvQ2bpO0AqBI5CRWZ8H8g/wVZ8eCCC+t8RSshfscRpG
	FXc6rXrdLfvphIqX5RX3HqouqyUp6XT/xrU2+DA8GmVysB3bEs3Kv127k+yj940wjQV6iJfS8Jn
	+6zExCB4SjAeNeY5ZLyPb+FspxNxfM+pWXFADSXq4SFyaHLr3y+Q1XYdyCX5T1/MW3dgrzvEUk9
	hQIBxyGrH1eJusy+WTHyCKiUUn/kwCDMev7s12PCXNRgmM1B9beuNLAauS04h17Fd4eEAEFfCqA
	143W0gGXbdYjBg/M662gZKBtlMT7t/uEreYbrxhGhscBMquCs65SmHkmhowmEmuXMa31hJ/LP4W
	gxOs68ckRO2J3lzmynxnrgTlglc7JhWwcZeo=
X-Google-Smtp-Source: AGHT+IFN9JQOmMixSKnZaA+5Z5aPdQdWcQ25Fy4Xxx1k4Aw0N/qFhQsLRi5e7jOATqvTX9CaqIxWOA==
X-Received: by 2002:a05:6e02:144a:b0:3d3:f775:cec0 with SMTP id e9e14a558f8ab-3d42b99eb21mr6616935ab.22.1741118491112;
        Tue, 04 Mar 2025 12:01:31 -0800 (PST)
Received: from nathan (162-195-168-172.lightspeed.stlsmo.sbcglobal.net. [162.195.168.172])
        by smtp.gmail.com with ESMTPSA id 8926c6da1cb9f-4f09b7fed88sm1354804173.138.2025.03.04.12.01.29
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 04 Mar 2025 12:01:30 -0800 (PST)
Date: Tue, 4 Mar 2025 14:01:28 -0600
From: Nathan Bossart <nathandbossart@gmail.com>
To: Ayush Vatsa <ayushvatsa1810@gmail.com>
Cc: Robert Haas <robertmhaas@gmail.com>, Tom Lane <tgl@sss.pgh.pa.us>,
	"David G. Johnston" <david.g.johnston@gmail.com>,
	PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Subject: Re: Clarification on Role Access Rights to Table Indexes
Message-ID: <Z8dcGMMP3-D5dobY@nathan>
References: <CA+TgmobSc_x6thvXZvHoni5Gs5-wsxyTRiOMKoeuX5br0PCtDA@mail.gmail.com>
 <CACX+KaPv4apqG3=Ef+FB9nn4C4cd6Z+604ej0PPOHKExH45u2A@mail.gmail.com>
 <934709.1739829723@sss.pgh.pa.us>
 <CAKFQuwZThU_Z-Zw+3mr+ecp1BVOw777dp3nXU5-wTVk3kS10gw@mail.gmail.com>
 <CA+TgmoZG71zBpLOfCGZqGhtp=88z6=YYhi54TEsCtKr3v+UpoA@mail.gmail.com>
 <1243984.1739894558@sss.pgh.pa.us>
 <CA+Tgmob_W0iq9Kuugra3WYTO2429RMJ_+HkVukrXWOUN81QiEw@mail.gmail.com>
 <1246906.1739896202@sss.pgh.pa.us>
 <CA+TgmoZYM2az+yCWu5DBnV50N_BE9f1r8-Doy6-tZTySeb-s+A@mail.gmail.com>
 <CACX+KaNAbOzePn710EtzH9F5xiUdBC+u59=UMab=Wr8jgDKQtw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CACX+KaNAbOzePn710EtzH9F5xiUdBC+u59=UMab=Wr8jgDKQtw@mail.gmail.com>
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: <https://www.postgresql.org/message-id/Z8dcGMMP3-D5dobY%40nathan>
Precedence: bulk

On Wed, Feb 19, 2025 at 03:53:48PM +0530, Ayush Vatsa wrote:
> It seems there's a general consensus that we should maintain a
> original design to support pg_prewarm, with a minor adjustment:
> when querying indexes, we should verify the privileges of the parent table.
> 
> I´ve attached a patch for this, which includes some test cases as well.
> Let me know if it needs any changes.

+        tableOid = IndexGetRelation(relOid, false);
+        aclresult = pg_class_aclcheck(tableOid, GetUserId(), ACL_SELECT);

I'm wondering whether setting missing_ok to true is correct here.  IIUC we
should have an AccessShareLock on the index, but I don't know if that's
enough protection.  The only other similar coding pattern I'm aware of is
RangeVarCallbackForReindexIndex(), which sets missing_ok to false and
attempts to gracefully handle a missing table.  Of course, maybe that's
wrong, too.

Perhaps it's all close enough in practice.  If we get it wrong, you might
get a slightly less helpful error message when the table is concurrently
dropped, which isn't so bad.

-- 
nathan