Re: Clarification on Role Access Rights to Table Indexes

Ayush Vatsa <ayushvatsa1810@gmail.com>

From: Ayush Vatsa <ayushvatsa1810@gmail.com>
To: Nathan Bossart <nathandbossart@gmail.com>
Cc: Robert Haas <robertmhaas@gmail.com>, Tom Lane <tgl@sss.pgh.pa.us>, "David G. Johnston" <david.g.johnston@gmail.com>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2025-03-08T21:31:41Z
Lists: pgsql-hackers, pgsql-general
> From a quick test and skim of the relevant
> code, I think your patch is fine, though
Thanks for reviewing.

> And IIUC
> DROP TABLE first acquires a lock on the table and its dependent objects
> (e.g., indexes) before any actual deletions, so AFAICT there's no problem
> with using it in pg_class_aclcheck() and get_rel_name(), either.
True, I have also verified that from [1], hence I think we are safe here.
Maybe we can move ahead with the patch if we can see no other concerns.

[1]
https://github.com/postgres/postgres/blob/master/src/backend/catalog/dependency.c#L398-L430

Thanks,
Ayush Vatsa
SDE AWS

Commits

  1. Fix privilege checks for pg_prewarm() on indexes.

  2. Fix lookup code for REINDEX INDEX.

  3. Fix redefinition of typedef RangeVar.

  4. Fix lookups in pg_{clear,restore}_{attribute,relation}_stats().

  5. dblink: Avoid locking relation before privilege check.