Re: Proposal: Conflict log history table for Logical Replication

shveta malik <shveta.malik@gmail.com>

From: shveta malik <shveta.malik@gmail.com>
To: Dilip Kumar <dilipbalaut@gmail.com>
Cc: Nisha Moond <nisha.moond412@gmail.com>, vignesh C <vignesh21@gmail.com>, Amit Kapila <amit.kapila16@gmail.com>, Peter Smith <smithpb2250@gmail.com>, Masahiko Sawada <sawada.mshk@gmail.com>, Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>, shveta malik <shvetamalik@gmail.com>
Date: 2026-05-11T09:07:46Z
Lists: pgsql-hackers
Please see the test below:

CREATE USER user1 LOGIN ;
ALTER subscription sub1 owner to user1;

--Now as expected, user1 is able to access, delete or truncate:
postgres=> select count(*) from pg_conflict.pg_conflict_log_16387;
     0

postgres=> delete from pg_conflict.pg_conflict_log_16387;
DELETE 0

--When user1 tries to do insert, it gets error:
postgres=> insert into pg_conflict.pg_conflict_log_16387 values (0);
ERROR:  permission denied for table pg_conflict_log_16387

While superuser gets
postgres=# insert into pg_conflict.pg_conflict_log_16387 values (0);
ERROR:  cannot modify or insert data into conflict log table
"pg_conflict_log_16387"
DETAIL:  Conflict log tables are system-managed and only support
cleanup via DELETE or TRUNCATE.
-----

The error for user1 seems less intuitive as user1 owns
pg_conflict_log_16387. Shouldn't the non-superuser but the owner of
the CLT see the same error as the superuser is getting? I think the
error is due to the recent changes made in pg_class_aclmask_ext().
What do others think here?

thanks
Shveta