On Fri, Jun 26, 2026 at 9:14 AM Peter Smith <[email protected]> wrote: > > A question for v58-0002. > > ====== > src/test/regress/expected/subscription.out > > +-- Trying to create a new table manually in the pg_conflict namespace > +-- This should fail as the namespace is reserved for conflict log tables > +CREATE TABLE pg_conflict.manual_table (id int); > +ERROR: permission denied for schema pg_conflict > +LINE 1: CREATE TABLE pg_conflict.manual_table (id int); > + ^ > > Why is that error very different from the error received when > attempting the same thing for `pg_catalog` schema? > Shouldn't the errors in both cases be almost the same? > > Here: > - LINE is shown > - A schema error happens instead of a create table error > > OTOH, the similar case for pg_catalog looks like: > test_pub=# create table pg_catalog.t1(a int); > ERROR: permission denied to create "pg_catalog.t1" > DETAIL: System catalog modifications are currently disallowed. >
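Review bot: The comment on the two added "--" lines says the statement fails because the namespace is reserved, but the expected output is the generic "permission denied for schema pg_conflict" error, so the expected file does not explain why the message differs from the pg_catalog case. Consider rewording the comment to say the rejection comes from the schema-level permission check. Also, this hunk exercises only CREATE TABLE; if the check is meant to cover any object created in pg_conflict, a second statement creating another kind of object (a view or a function, for example) would pin that behaviour in the expected output.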
To prevent the creation of other objects such as operators, types, functions, extensions, views etc in the pg_conflict schema, a check was added to pg_namespace_aclmask_ext() to reject any object creation within that schema. As a result, the earlier table-specific error became redundant, which explains the difference between the two error messages.

I agree that the previous error message was slightly better, but to avoid introducing special-case checks in multiple places, it makes more sense to enforce the restriction centrally during the schema permission check itself. The new error is consistent for all such object creations inside the conflict schema.

thanks
Shveta
