* Peter Eisentraut (pete...@gmx.net) wrote:
> On 12/29/14 7:16 PM, Adam Brightwell wrote:
> > Given this discussion, I have attached a patch that removes CATUPDATE
> > for review/discussion.
> > 
> > One of the interesting behaviors (or perhaps not) is how
> > 'pg_class_aclmask' handles an invalid role id when checking permissions
> > against 'rolsuper' instead of 'rolcatupdate'.
> I'd get rid of that whole check, not just replace rolcatupdate by rolsuper.

Err, wouldn't this make it possible to grant normal users the ability to
modify system catalogs?  I realize that they wouldn't have that
initially, but I'm not sure we want the superuser to be able to grant
that to non-superusers..

I'm fine with making it "if system table and not superuser, error".



Attachment: signature.asc
Description: Digital signature

Reply via email to