Hi
When using a functional index on a table, we realized that the permission
check done in pg_stats was incorrect and thus preventing valid access to the
statistics from users.
How to reproduce:
create table tbl1 (a integer, b integer);
insert into tbl1 select x, x % 50 from generate_series(1, 200000) x;
create index on tbl1 using btree ((a % (b + 1)));
analyze ;
create user demo_priv encrypted password 'demo';
revoke ALL on SCHEMA public from PUBLIC ;
grant select on tbl1 to demo_priv;
grant usage on schema public to demo_priv;
And as demo_priv user:
select tablename, attname from pg_stats where tablename like 'tbl1%';
Returns:
tablename | attname
-----------+---------
tbl1 | a
tbl1 | b
(2 rows)
Expected:
tablename | attname
---------------+---------
tbl1 | a
tbl1 | b
tbl1_expr_idx | expr
(3 rows)
The attached patch fixes this by introducing a second path in privilege check
in pg_stats view.
I have not written a regression test yet, mainly because I'm not 100% certain
where to write it. Given some hints, I would happily add it to this patch.
Regards
Pierre Ducroquet
