Move privilege check for SET SESSION AUTHORIZATION. Presently, the privilege check for SET SESSION AUTHORIZATION is performed in session_authorization's assign_hook. A relevant comment states, "It's OK because the check does not require catalog access and can't fail during an end-of-transaction GUC reversion..." However, we plan to add a catalog lookup to this privilege check in a follow-up commit.
This commit moves this privilege check to the check_hook for session_authorization. Like check_role(), we do not throw a hard error for insufficient privileges when the source is PGC_S_TEST. Author: Joseph Koshakow Discussion: https://postgr.es/m/CAAvxfHc-HHzONQ2oXdvhFF9ayRnidPwK%2BfVBhRzaBWYYLVQL-g%40mail.gmail.com Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/9987a7bf34061ed5cffc4e5113da056358976e94 Modified Files -------------- src/backend/commands/variable.c | 32 ++++++++++++++++++++++++++++---- src/backend/utils/init/miscinit.c | 30 ++++++++++++------------------ src/include/miscadmin.h | 1 + 3 files changed, 41 insertions(+), 22 deletions(-)