Remove any-user DML capability from allow_system_table_mods

Peter Eisentraut <peter@eisentraut.org>

Commit: 508bf95b767140ec1a339bcb53538d21deb9d995
Author: Peter Eisentraut <peter@eisentraut.org>
Date: 2019-11-29T09:22:13Z
Releases: 13.0
Remove any-user DML capability from allow_system_table_mods

Previously, allow_system_table_mods allowed a non-superuser to do DML
on a system table without further permission checks.  This has been
removed, as it was quite inconsistent with the rest of the meaning of
this setting.  (Since allow_system_table_mods was previously only
accessible with a server restart, it is unlikely that anyone was using
this possibility.)

Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>
Discussion: https://www.postgresql.org/message-id/flat/8b00ea5e-28a7-88ba-e848-21528b632354%402ndquadrant.com

Files

PathChange+/−
src/backend/catalog/aclchk.c modified +2 −3

Discussion