* Peter Eisentraut (pete...@gmx.net) wrote: > On 12/29/14 7:16 PM, Adam Brightwell wrote: > > Given this discussion, I have attached a patch that removes CATUPDATE > > for review/discussion. > > > > One of the interesting behaviors (or perhaps not) is how > > 'pg_class_aclmask' handles an invalid role id when checking permissions > > against 'rolsuper' instead of 'rolcatupdate'. > > I'd get rid of that whole check, not just replace rolcatupdate by rolsuper.
Err, wouldn't this make it possible to grant normal users the ability to
modify system catalogs? I realize that they wouldn't have that
initially, but I'm not sure we want the superuser to be able to grant
that to non-superusers..
I'm fine with making it "if system table and not superuser, error".
Thanks!
Stephen
signature.asc
Description: Digital signature
