Re: Clarification on Role Access Rights to Table Indexes

Robert Haas <robertmhaas@gmail.com>

From: Robert Haas <robertmhaas@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Ayush Vatsa <ayushvatsa1810@gmail.com>, "David G. Johnston" <david.g.johnston@gmail.com>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2025-02-17T21:34:45Z
Lists: pgsql-hackers, pgsql-general
On Mon, Feb 17, 2025 at 2:57 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Ayush Vatsa <ayushvatsa1810@gmail.com> writes:
> >> As it stands, a superuser can prewarm an index (because she bypasses all
> >> privilege checks including this one), but nobody else can.
>
> > That's not fully true. Any role can prewarm an index if the role has the
> > correct privileges.
>
> Ah, right.  An index will have null pg_class.relacl, which'll be
> interpreted as "owner has all rights", so it will work for the
> table owner too.  Likely this explains the lack of prior complaints.
> It's still a poor design IMO.

I'm not sure if I'd call that a "design". Sounds like I just made a
mistake here.

-- 
Robert Haas
EDB: http://www.enterprisedb.com



Commits

  1. Fix privilege checks for pg_prewarm() on indexes.

  2. Fix lookup code for REINDEX INDEX.

  3. Fix redefinition of typedef RangeVar.

  4. Fix lookups in pg_{clear,restore}_{attribute,relation}_stats().

  5. dblink: Avoid locking relation before privilege check.