* Peter Eisentraut (pete...@gmx.net) wrote: > On 12/29/14 7:16 PM, Adam Brightwell wrote: > > Given this discussion, I have attached a patch that removes CATUPDATE > > for review/discussion. > > > > One of the interesting behaviors (or perhaps not) is how > > 'pg_class_aclmask' handles an invalid role id when checking permissions > > against 'rolsuper' instead of 'rolcatupdate'. > > I'd get rid of that whole check, not just replace rolcatupdate by rolsuper.
Err, wouldn't this make it possible to grant normal users the ability to modify system catalogs? I realize that they wouldn't have that initially, but I'm not sure we want the superuser to be able to grant that to non-superusers.. I'm fine with making it "if system table and not superuser, error". Thanks! Stephen
signature.asc
Description: Digital signature