| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Ayush Vatsa <ayushvatsa1810(at)gmail(dot)com> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Clarification on Role Access Rights to Table Indexes |
| Date: | 2025-02-17 22:02:03 |
| Message-ID: | 934709.1739829723@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
Ayush Vatsa <ayushvatsa1810(at)gmail(dot)com> writes:
> Thanks Robert for confirming, let me submit a patch to fix the same.
Well, the first thing you need is consensus on what the behavior
should be instead.
I have a very vague recollection that we concluded that SELECT
privilege was a reasonable check because if you have that you
could manually prewarm by reading the table. That would lead
to the conclusion that the minimal fix is to look at the owning
table's privileges instead of the index's own privileges.
Or we could switch to using ownership, which'd keep the code
simple but some users might complain it's too restrictive.
While I mentioned built-in roles earlier, I now think those mostly
carry more privilege than should be required here, given the analogy
to SELECT.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David G. Johnston | 2025-02-17 22:17:26 | Re: Clarification on Role Access Rights to Table Indexes |
| Previous Message | David G. Johnston | 2025-02-17 21:58:53 | Re: Loading the latest N rows into the cache seems way too fast. |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David G. Johnston | 2025-02-17 22:12:59 | Re: add function argument name to substring and substr |
| Previous Message | Nathan Bossart | 2025-02-17 21:55:50 | Re: describe special values in GUC descriptions more consistently |