On Tue, May 5, 2026 at 9:37 AM shveta malik <[email protected]> wrote: > > On Tue, May 5, 2026 at 8:26 AM Amit Kapila <[email protected]> wrote: > > > > On Mon, May 4, 2026 at 6:41 PM Dilip Kumar <[email protected]> wrote: > > > > > > PFA, poc patch for the same. > > I like the idea of PoC. It simplifies the implementation. > > > > > > > > I know it is POC but I think you need more work to prevent manual > > inserts/updates on conflict tables. > > > > I think CheckValidResultRel() handles it. > > postgres=# insert into pg_conflict.pg_conflict_16391 values (0); > ERROR: cannot modify or insert data into conflict log table > "pg_conflict_16391" > DETAIL: Conflict log tables are system-managed and only support > cleanup via DELETE or TRUNCATE
I think we can tweak a bit and pg_class_aclmask_ext() we can only allow truncate/delete on pg_conflict and block insert and update, here is the modified version. Please let me know your thoughts. -- Regards, Dilip Kumar Google
From 4da2c755a2acc39c97195154f7bd83cd8af05726 Mon Sep 17 00:00:00 2001 From: Dilip Kumar <[email protected]> Date: Tue, 5 May 2026 17:59:33 +0530 Subject: [PATCH] poc test ownership --- src/backend/catalog/aclchk.c | 14 +++++++++++--- src/bin/initdb/initdb.c | 1 + 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c index 67424fe3b0c..a1395236ab3 100644 --- a/src/backend/catalog/aclchk.c +++ b/src/backend/catalog/aclchk.c @@ -3343,12 +3343,20 @@ pg_class_aclmask_ext(Oid table_oid, Oid roleid, AclMode mask, * As of 7.4 we have some updatable system views; those shouldn't be * protected in this way. Assume the view rules can take care of * themselves. ACL_USAGE is if we ever have system sequences. + * + * For conflict log tables, we allow non-superusers to perform DELETE + * and TRUNCATE for maintenance, while still restricting INSERT, + * UPDATE, and USAGE. */ if ((mask & (ACL_INSERT | ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE | ACL_USAGE)) && - IsSystemClass(table_oid, classForm) && - classForm->relkind != RELKIND_VIEW && + IsConflictClass(classForm) && !superuser_arg(roleid)) - mask &= ~(ACL_INSERT | ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE | ACL_USAGE); + mask &= ~(ACL_INSERT | ACL_UPDATE | ACL_USAGE); + else if ((mask & (ACL_INSERT | ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE | ACL_USAGE)) && + IsSystemClass(table_oid, classForm) && + classForm->relkind != RELKIND_VIEW && + !superuser_arg(roleid)) + mask &= ~(ACL_INSERT | ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE | ACL_USAGE); /* * Otherwise, superusers bypass all permission-checking. diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c index 14cb79c26be..fa3316fcb97 100644 --- a/src/bin/initdb/initdb.c +++ b/src/bin/initdb/initdb.c @@ -1839,6 +1839,7 @@ setup_privileges(FILE *cmdfd) " AND relacl IS NULL;\n\n", escape_quotes(username)); PG_CMD_PUTS("GRANT USAGE ON SCHEMA pg_catalog, public TO PUBLIC;\n\n"); + PG_CMD_PUTS("GRANT USAGE ON SCHEMA pg_conflict TO pg_create_subscription;\n\n"); PG_CMD_PUTS("REVOKE ALL ON pg_largeobject FROM PUBLIC;\n\n"); PG_CMD_PUTS("INSERT INTO pg_init_privs " " (objoid, classoid, objsubid, initprivs, privtype)" -- 2.49.0
