Enforce superuser permissions checks during ALTER ROLE/DATABASE SET, rather
Tom Lane <tgl@sss.pgh.pa.us>
Enforce superuser permissions checks during ALTER ROLE/DATABASE SET, rather than during define_custom_variable(). This entails rejecting an ALTER command if the target variable doesn't have a known (non-placeholder) definition, unless the calling user is superuser. When the variable *is* known, we can correctly apply the rule that only superusers can issue ALTER for SUSET parameters. This allows define_custom_variable to apply ALTER's values for SUSET parameters at module load time, secure in the knowledge that only a superuser could have set the ALTER value. This change fixes a longstanding gotcha in the usage of SUSET-level custom parameters; which is a good thing to fix now that plpgsql defines such a parameter.
Files
| Path | Change | +/− |
|---|---|---|
| doc/src/sgml/ref/alter_role.sgml | modified | +27 −22 |
| src/backend/utils/misc/guc.c | modified | +131 −42 |