Index: src/backend/catalog/aclchk.c
===================================================================
RCS file: /projects/cvsroot/pgsql-server/src/backend/catalog/aclchk.c,v
retrieving revision 1.97
diff -u -r1.97 aclchk.c
--- src/backend/catalog/aclchk.c 14 Jan 2004 03:44:53 -0000 1.97
+++ src/backend/catalog/aclchk.c 29 Apr 2004 22:57:43 -0000
@@ -1299,16 +1299,26 @@
 bool isNull;
 Acl *acl;
- /*
- * If we have been assigned this namespace as a temp namespace, assume
- * we have all grantable privileges on it.
- */
- if (isTempNamespace(nsp_oid))
- return ACLCHECK_OK;
-
 /* Superusers bypass all permission checking. */
 if (superuser_arg(userid))
 return ACLCHECK_OK;
+
+ /*
+ * If we have been assigned this namespace as a temp
+ * namespace, check to make sure we have CREATE permissions on
+ * the database.
+ *
+ * Instead of returning ACLCHECK_NO_PRIV, should we return via
+ * ereport() with a message about trying to create an object
+ * in a TEMP namespace when GetUserId() doesn't have perms?
+ */
+ if (isTempNamespace(nsp_oid)) {
+ if (pg_database_aclcheck(MyDatabaseId, GetUserId(),
+ ACL_CREATE_TEMP) == ACLCHECK_OK)
+ return ACLCHECK_OK;
+ else
+ return ACLCHECK_NO_PRIV;
+ }
 /*
 * Get the schema's ACL from pg_namespace
Index: src/backend/catalog/namespace.c
===================================================================
RCS file: /projects/cvsroot/pgsql-server/src/backend/catalog/namespace.c,v
retrieving revision 1.63
diff -u -r1.63 namespace.c
--- src/backend/catalog/namespace.c 13 Feb 2004 01:08:20 -0000 1.63
+++ src/backend/catalog/namespace.c 29 Apr 2004 22:57:44 -0000
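Review bot: The temp-namespace branch added to aclchk.c tests `GetUserId()` rather than the `userid` argument that `superuser_arg(userid)` uses just above it, so a caller asking about a user other than the current one would get the current user's answer. Pass the argument through instead: `if (pg_database_aclcheck(MyDatabaseId, userid,`, leaving the `ACL_CREATE_TEMP) == ACLCHECK_OK)` line as it is. The branch returns before the schema ACL is read, so whatever privilege the caller asked about (the signature is outside the hunk) is granted or refused on the database's TEMP right alone; the comment should say that, and should name `ACL_CREATE_TEMP` rather than "CREATE permissions". The function starts and ends outside the hunk.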
@@ -1640,11 +1640,11 @@
 * tables. We use a nonstandard error message here since
 * "databasename: permission denied" might be a tad cryptic.
 *
- * Note we apply the check to the session user, not the currently active
- * userid, since we are not going to change our minds about temp table
- * availability during the session.
+ * ACL_CREATE_TEMP perms are also checked in
+ * pg_namespace_aclcheck() that way only users who have TEMP
+ * perms can create objects.
 */
- if (pg_database_aclcheck(MyDatabaseId, GetSessionUserId(),
+ if (pg_database_aclcheck(MyDatabaseId, GetUserId(),
 ACL_CREATE_TEMP) != ACLCHECK_OK)
 ereport(ERROR,
 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
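Review bot: The replacement comment no longer says which user the check applies to or why, although the call switches from `GetSessionUserId()` to `GetUserId()` and the removed text justified the session user by the decision being made once per session. If this code still runs only when the temp namespace is first set up (not visible in the hunk), the result now depends on whichever effective user reaches it first, and later callers are covered only by the check in pg_namespace_aclcheck(). I would state that in the comment, e.g. `* The currently active userid is checked here; pg_namespace_aclcheck()` followed by `* repeats the ACL_CREATE_TEMP test for every later use of the temp namespace.` The enclosing function and the ereport() call continue outside the hunk.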