Re: Clarification on Role Access Rights to Table Indexes

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Ayush Vatsa <ayushvatsa1810@gmail.com>
Cc: "David G. Johnston" <david.g.johnston@gmail.com>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2025-02-17T19:57:43Z
Lists: pgsql-hackers, pgsql-general
Ayush Vatsa <ayushvatsa1810@gmail.com> writes:
>> As it stands, a superuser can prewarm an index (because she bypasses all
>> privilege checks including this one), but nobody else can.

> That's not fully true. Any role can prewarm an index if the role has the
> correct privileges.

Ah, right.  An index will have null pg_class.relacl, which'll be
interpreted as "owner has all rights", so it will work for the
table owner too.  Likely this explains the lack of prior complaints.
It's still a poor design IMO.

			regards, tom lane



Commits

  1. Fix privilege checks for pg_prewarm() on indexes.

  2. Fix lookup code for REINDEX INDEX.

  3. Fix redefinition of typedef RangeVar.

  4. Fix lookups in pg_{clear,restore}_{attribute,relation}_stats().

  5. dblink: Avoid locking relation before privilege check.