On Fri, Jan 13, 2023 at 11:56:03AM -0800, Jeff Davis wrote: > I'm hesitant to add an index to pg_class just for the privilege checks > on toast tables, and I don't think we need to.
I bet this index will be useful for more than just these privilege checks (e.g., autovacuum currently creates a hash table for the toast-to-main-relation mapping), but I do understand the hesitation. > Instead, we can just > skip the privilege check on a toast table if it's not referenced > directly, because we already checked the privileges on the parent, and > we still hold the session lock so nothing strange should have happened. That would fix the problem in the original complaint, but it wouldn't allow for vacuuming toast tables directly if you only have MAINTAIN privileges on the main relation. If you can vacuum the toast table indirectly via the main relation, shouldn't it be possible to vacuum it directly? -- Nathan Bossart Amazon Web Services: https://aws.amazon.com