From 4da2c755a2acc39c97195154f7bd83cd8af05726 Mon Sep 17 00:00:00 2001
From: Dilip Kumar
Date: Tue, 5 May 2026 17:59:33 +0530
Subject: [PATCH] poc test ownership

---
 src/backend/catalog/aclchk.c | 14 +++++++++++---
 src/bin/initdb/initdb.c | 1 +
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
index 67424fe3b0c..a1395236ab3 100644
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -3343,12 +3343,20 @@ pg_class_aclmask_ext(Oid table_oid, Oid roleid, AclMode mask,
 * As of 7.4 we have some updatable system views; those shouldn't be
 * protected in this way. Assume the view rules can take care of
 * themselves. ACL_USAGE is if we ever have system sequences.
+ *
+ * For conflict log tables, we allow non-superusers to perform DELETE
+ * and TRUNCATE for maintenance, while still restricting INSERT,
+ * UPDATE, and USAGE.
 */
 if ((mask & (ACL_INSERT | ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE | ACL_USAGE)) &&
- IsSystemClass(table_oid, classForm) &&
- classForm->relkind != RELKIND_VIEW &&
+ IsConflictClass(classForm) &&
 !superuser_arg(roleid))
- mask &= ~(ACL_INSERT | ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE | ACL_USAGE);
+ mask &= ~(ACL_INSERT | ACL_UPDATE | ACL_USAGE);
+ else if ((mask & (ACL_INSERT | ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE | ACL_USAGE)) &&
+ IsSystemClass(table_oid, classForm) &&
+ classForm->relkind != RELKIND_VIEW &&
+ !superuser_arg(roleid))
+ mask &= ~(ACL_INSERT | ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE | ACL_USAGE);

 /*
 * Otherwise, superusers bypass all permission-checking.
diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c
index 14cb79c26be..fa3316fcb97 100644
--- a/src/bin/initdb/initdb.c
+++ b/src/bin/initdb/initdb.c
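Review bot: In the aclchk.c hunk, the new first branch of pg_class_aclmask_ext leaves ACL_DELETE and ACL_TRUNCATE in the mask for any non-superuser whenever `IsConflictClass(classForm)` is true, and since the catalog test is now an `else if`, a relation matching both predicates never gets the full strip. Who actually ends up with those bits then rests on the relation's ownership and ACL, evaluated after this hunk, and on how narrowly IsConflictClass is defined; neither is visible here. The added comment should say that, for example `* This only lifts the blanket denial; DELETE/TRUNCATE still require ownership or an explicit grant on the table.`, and a regression test with an unprivileged role that holds no grant would pin it. Because these tables record replication conflicts, it is also worth stating whether removal of rows by non-superusers is meant to be logged. The function begins and ends outside the hunk.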
@@ -1839,6 +1839,7 @@ setup_privileges(FILE *cmdfd)
 " AND relacl IS NULL;\n\n",
 escape_quotes(username));
 PG_CMD_PUTS("GRANT USAGE ON SCHEMA pg_catalog, public TO PUBLIC;\n\n");
+ PG_CMD_PUTS("GRANT USAGE ON SCHEMA pg_conflict TO pg_create_subscription;\n\n");
 PG_CMD_PUTS("REVOKE ALL ON pg_largeobject FROM PUBLIC;\n\n");
 PG_CMD_PUTS("INSERT INTO pg_init_privs "
 " (objoid, classoid, objsubid, initprivs, privtype)"
-- 
2.49.0
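Review bot: The added GRANT in setup_privileges gives every member of pg_create_subscription USAGE on the whole pg_conflict schema, so keeping one subscription owner away from another owner's conflict log has to come from per-table ownership or ACLs, which this hunk does not show. A short comment above the statement would record that intent, for example `/* schema lookup only; access to each conflict log table is decided by its owner/ACL */`. The statement also assumes the pg_conflict schema already exists when this function runs; its creation is not part of this patch, so the ordering should be confirmed. setup_privileges begins and ends outside the hunk.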