I found a strange checks in the native database privilege stuff. The EnableDisableRule() calls pg_class_ownercheck() to check the ownership of the relation which has a rule to be turned on/off.
Only ATExecEnableDisableRule() calls the EnableDisableRule(), and only ATExecCmd() calls the ATExecEnableDisableRule() with AT_EnableRule, AT_EnableAlwaysRule, AT_EnableReplicaRule and AT_DisableRule. However, ATPrepCmd() already checks ownership of the target relation using ATSimplePermissions(), so the pg_class_ownercheck() at the EnableDisableRule() always returns true. I replaced the checks by the abstraction of ac_rule_toggle() in my patch. However, it may be better to remove the checks simply. Thanks, -- OSS Platform Development Division, NEC KaiGai Kohei <kai...@ak.jp.nec.com> -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
