Home > mailing lists

Re: Clarification on Role Access Rights to Table Indexes - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Clarification on Role Access Rights to Table Indexes
Date	February 18 01:02:03
Msg-id	934709.1739829723@sss.pgh.pa.us Whole thread Raw
In response to	Re: Clarification on Role Access Rights to Table Indexes (Ayush Vatsa <ayushvatsa1810@gmail.com>)
Responses	Re: Clarification on Role Access Rights to Table Indexes
List	pgsql-hackers

Tree view

Ayush Vatsa <ayushvatsa1810@gmail.com> writes:
> Thanks Robert for confirming, let me submit a patch to fix the same.

Well, the first thing you need is consensus on what the behavior
should be instead.

I have a very vague recollection that we concluded that SELECT
privilege was a reasonable check because if you have that you
could manually prewarm by reading the table.  That would lead
to the conclusion that the minimal fix is to look at the owning
table's privileges instead of the index's own privileges.

Or we could switch to using ownership, which'd keep the code
simple but some users might complain it's too restrictive.

While I mentioned built-in roles earlier, I now think those mostly
carry more privilege than should be required here, given the analogy
to SELECT.

            regards, tom lane

pgsql-hackers by date:

From: Nathan Bossart
Date: 18 February, 00:55:50
Subject: Re: describe special values in GUC descriptions more consistently

From: "David G. Johnston"
Date: 18 February, 01:12:59
Subject: Re: add function argument name to substring and substr

Re: Clarification on Role Access Rights to Table Indexes - Mailing list pgsql-hackers

Previous

Next