Please see the test below:
CREATE USER user1 LOGIN ;
ALTER subscription sub1 owner to user1;
--Now as expected, user1 is able to access, delete or truncate:
postgres=> select count(*) from pg_conflict.pg_conflict_log_16387;
0
postgres=> delete from pg_conflict.pg_conflict_log_16387;
DELETE 0
--When user1 tries to do insert, it gets error:
postgres=> insert into pg_conflict.pg_conflict_log_16387 values (0);
ERROR: permission denied for table pg_conflict_log_16387
While superuser gets
postgres=# insert into pg_conflict.pg_conflict_log_16387 values (0);
ERROR: cannot modify or insert data into conflict log table
"pg_conflict_log_16387"
DETAIL: Conflict log tables are system-managed and only support
cleanup via DELETE or TRUNCATE.
-----
The error for user1 seems less intuitive as user1 owns
pg_conflict_log_16387. Shouldn't the non-superuser but the owner of
the CLT see the same error as the superuser is getting? I think the
error is due to the recent changes made in pg_class_aclmask_ext().
What do others think here?
thanks
Shveta
