Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1v93b3-009I8P-9p
	for pgsql-hackers@arkaria.postgresql.org; Wed, 15 Oct 2025 15:39:24 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1v93b2-0070QP-4O
	for pgsql-hackers@arkaria.postgresql.org; Wed, 15 Oct 2025 15:39:23 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <nathandbossart@gmail.com>)
	id 1v93b1-0070QH-Ra
	for pgsql-hackers@lists.postgresql.org; Wed, 15 Oct 2025 15:39:22 +0000
Received: from mail-io1-xd2c.google.com ([2607:f8b0:4864:20::d2c])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <nathandbossart@gmail.com>)
	id 1v93az-001vJT-0O
	for pgsql-hackers@postgresql.org;
	Wed, 15 Oct 2025 15:39:21 +0000
Received: by mail-io1-xd2c.google.com with SMTP id ca18e2360f4ac-88703c873d5so234868939f.3
        for <pgsql-hackers@postgresql.org>; Wed, 15 Oct 2025 08:39:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1760542760; x=1761147560; darn=postgresql.org;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to;
        bh=Pcfe5zIUIiVNt8Iu1xfAd78rWnVio9djxQO5D6H/oi0=;
        b=T40Ckk7f8cn2B6RSfQH6nLT+RP4DtRDBkYoodZK8BeJru77IdMmngCPD9L55A5DRRS
         i3Gx3JrVvdqfDeqF/OFt9/yzRvt/ZU2cfjFpKwvI3gj+04ojnmjwnJ7YxZ8OFuREw8Ha
         rDRDCSVfgGe6lTegEpt0gbcXY19soOcGWYItC1rvsBKu8KVzoP7fkxUDHgVECqyMFKgo
         eJYBrrj4IVjFqcgcI1QGI72XlotLZCAW1/60E/F8p3VKhx+5OxEWNkZauLst0gpd6J5A
         rwanUdaYYxw+MibsN242aNYAOJQPgqC2VXXO/m9BLJKR7lz4KyjVfHhmRxgXjCwgqges
         HRZw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760542760; x=1761147560;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=Pcfe5zIUIiVNt8Iu1xfAd78rWnVio9djxQO5D6H/oi0=;
        b=w3YNr6FTd91foX1uC2xxTu4kfvY2svNeFJz2a3v3fGvucQ0aITS17su2abIIzM+Yrn
         e0yTOjdg2zo+KK5cGqkWwk4s1ITOt6cDwkdRwU2o7P30+16Y+TjsWJHInCgeVdTyuVOs
         HC2eWZa+nHjG5h+cMo6GeD/bmBrQCIj5ZTQ50q7PddzYjnnfrJ4pa9IOhcj8NqzAsLdV
         IGt29iDzk/gI86ohARBeY/uDxV/keluZGRaETdFtRNQidO+I5Dy+41LDApl+LvYC3Eay
         A1+FrrI1ga2yWCdmv2VCqejZNV0xirLwSmFoSER7dLu/uiWpWw8ZTziy5INXu2UESft9
         6Rjw==
X-Forwarded-Encrypted: i=1; AJvYcCUIRGfNlDLqgInFafNPHazBkaeROfROiOtpDogoxzMVAAh5L1wMv0s2hY+UK08G+B2bKuqNk84AarsA1aFu@postgresql.org
X-Gm-Message-State: AOJu0YzJCX2fFJc3qOWx9fVPdsZ6dTMxI3zFf9Z2fZbLPH2rw8aUCc2P
	whZ/bG740M2BZza60fuOXXOXvwTjoHK/4cnshBKPCtO25qU5EocbC/JY
X-Gm-Gg: ASbGncu42n7FMKF+hF6kTdVn7zuH3Gcr2IdwReBqbV9uLR+Vxez7YBUVnTkfEwzQ2Bv
	3VgDSOkqWYJr+SaOnbrYmDCHvdhSTVubBbqFzMEiZyYkEH48SyOGjiNsrGgP9dylPHQUCjiMFhB
	aKuAqjN5aEndnyCflCTDDCOwDq2rS+7YscY3Jl0kIHQrKeYz87AbxXvbe8trTILobxrLWF3G1XW
	amB3Tsq/zW5LtlqprJqKiFYjpEfXkpGIe/vGSY/8/uhWmEznC5zR7ka/bQSMMxTDYVI7UV6jbCL
	GbSAxAjz0wMpw9yeQZlBzvEcpLbTDSdQIKQ/Ly5K7eVbqp3aSebBxp5m48s3FVXwXCkK5vwqaPK
	Ls1Ikn+KP1UxXJUvi1Ie7bKUnzuK7VwZQFHVQflzPixSDSGJ3ibojmUO3hiCysKpIkhDw6Yd/GE
	6978edNvrWJNCuKhRr6JF4rSwt6TwTerT/H1WQ+++zbw==
X-Google-Smtp-Source: AGHT+IGR9PtthMEhUbRJYqWSyg7kgKl/pEDXX7aOw8BEHZbU616Yb3QzGALbXHCqw3WZJsV+JRnH6g==
X-Received: by 2002:a05:6602:2c11:b0:92e:298e:eedb with SMTP id ca18e2360f4ac-93bd199b1cemr3628749439f.10.1760542760052;
        Wed, 15 Oct 2025 08:39:20 -0700 (PDT)
Received: from nathan (162-195-168-172.lightspeed.stlsmo.sbcglobal.net. [162.195.168.172])
        by smtp.gmail.com with ESMTPSA id ca18e2360f4ac-93e25a3e92bsm632587939f.14.2025.10.15.08.39.18
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 15 Oct 2025 08:39:19 -0700 (PDT)
Date: Wed, 15 Oct 2025 10:39:17 -0500
From: Nathan Bossart <nathandbossart@gmail.com>
To: Jeff Davis <pgsql@j-davis.com>
Cc: Corey Huinker <corey.huinker@gmail.com>, Tom Lane <tgl@sss.pgh.pa.us>,
	Ayush Vatsa <ayushvatsa1810@gmail.com>,
	Robert Haas <robertmhaas@gmail.com>,
	"David G. Johnston" <david.g.johnston@gmail.com>,
	PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Subject: Re: Clarification on Role Access Rights to Table Indexes
Message-ID: <aO_AJd3Au9xmSwjD@nathan>
References: <8af53c6e8992aa706e63aafe60a3bcf100b524d1.camel@j-davis.com>
 <7b0e2774cdcc8f522ac82f64a8d7266f353a5094.camel@j-davis.com>
 <aOfXNAFkj_EFm-8q@nathan>
 <aOgmi6avE6qMw_6t@nathan>
 <aOkzoH-pXdBr0ewf@nathan>
 <31a67adbb10b85ff7cddeafe75b9f6505c902e57.camel@j-davis.com>
 <aO1TaPd0YesHy5Sn@nathan>
 <bd0826223bff21bd2ad3d0b1520ee8429568c526.camel@j-davis.com>
 <aO50zOmoRFnB9_IX@nathan>
 <857a4633aea6ef90bde4156ae351c49794b34732.camel@j-davis.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <857a4633aea6ef90bde4156ae351c49794b34732.camel@j-davis.com>
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: <https://www.postgresql.org/message-id/aO_AJd3Au9xmSwjD%40nathan>
Precedence: bulk

On Tue, Oct 14, 2025 at 10:01:37AM -0700, Jeff Davis wrote:
> If we start with an OID, what's the right way to do these kinds of
> checks? Could we do an ACL check, then lock it, then do an ACL check
> again to catch OID wraparound?

I tried something like this upthread [0].  My feeling was that this was a
lot of complexity for not a lot of gain.  Perhaps it's still worth doing,
though.

[0] https://postgr.es/m/aOgmi6avE6qMw_6t%40nathan

-- 
nathan