Re: [HACKERS] Ignore tablespace ACLs when ignoring schema ACLs

On Sun, Feb 05, 2017 at 12:46:41PM -0500, Tom Lane wrote:
> Noah Misch <noah@leadboat.com> writes:
> > DefineIndex() has a check_rights argument that determines whether to perform a
> > namespace ACL check.  When ALTER TABLE ALTER TYPE rebuilds an index, it sets
> > that flag.  The theory goes that use of DROP INDEX and CREATE INDEX is a mere
> > implementation detail of ALTER TABLE ALTER TYPE; the operation is logically like
> > an alteration of the existing index.  I think the same treatment should extend
> > to the tablespace ACL check, as attached.
> 
> Seems generally reasonable.
> 
> Is there any likely use-case for providing separate control flags for the
> two permission checks?  That would require an API change for DefineIndex,
> making this considerably more invasive, so I'm not pushing for it ---
> just think it's worth asking the question before proceeding.

Good question.  I can't think of one.