| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Ayush Vatsa <ayushvatsa1810(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Clarification on Role Access Rights to Table Indexes |
| Date: | 2025-02-18 16:02:38 |
| Message-ID: | 1243984.1739894558@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> On Mon, Feb 17, 2025 at 5:18 PM David G. Johnston
> <david(dot)g(dot)johnston(at)gmail(dot)com> wrote:
>>> I have a very vague recollection that we concluded that SELECT
>>> privilege was a reasonable check because if you have that you
>>> could manually prewarm by reading the table. That would lead
>>> to the conclusion that the minimal fix is to look at the owning
>>> table's privileges instead of the index's own privileges.
>> I feel like if you can blow up the cache by loading an entire table into memory with just select privilege on the table we should be ok with allowing the same person to name an index on the same table and load it into the cache too.
> +1.
Is that a +1 for the specific design of "check SELECT on the index's
table", or just a +1 for changing something here?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adrian Klaver | 2025-02-18 16:21:21 | Re: Doubts regarding pg_freespacemap extension |
| Previous Message | Robert Haas | 2025-02-18 15:13:03 | Re: Clarification on Role Access Rights to Table Indexes |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Fujii Masao | 2025-02-18 16:08:45 | Re: Add “FOR UPDATE NOWAIT” lock details to the log. |
| Previous Message | Sagar Shedge | 2025-02-18 15:52:57 | Re: Extend postgres_fdw_get_connections to return remote backend pid |