Re: Proposal: Conflict log history table for Logical Replication
shveta malik <shveta.malik@gmail.com>
From: shveta malik <shveta.malik@gmail.com>
To: Dilip Kumar <dilipbalaut@gmail.com>
Cc: Nisha Moond <nisha.moond412@gmail.com>, vignesh C <vignesh21@gmail.com>, Amit Kapila <amit.kapila16@gmail.com>, Peter Smith <smithpb2250@gmail.com>, Masahiko Sawada <sawada.mshk@gmail.com>, Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>,
shveta malik <shvetamalik@gmail.com>
Date: 2026-05-11T09:07:46Z
Lists: pgsql-hackers
Please see the test below:
CREATE USER user1 LOGIN ;
ALTER subscription sub1 owner to user1;
--Now as expected, user1 is able to access, delete or truncate:
postgres=> select count(*) from pg_conflict.pg_conflict_log_16387;
0
postgres=> delete from pg_conflict.pg_conflict_log_16387;
DELETE 0
--When user1 tries to do insert, it gets error:
postgres=> insert into pg_conflict.pg_conflict_log_16387 values (0);
ERROR: permission denied for table pg_conflict_log_16387
While superuser gets
postgres=# insert into pg_conflict.pg_conflict_log_16387 values (0);
ERROR: cannot modify or insert data into conflict log table
"pg_conflict_log_16387"
DETAIL: Conflict log tables are system-managed and only support
cleanup via DELETE or TRUNCATE.
-----
The error for user1 seems less intuitive as user1 owns
pg_conflict_log_16387. Shouldn't the non-superuser but the owner of
the CLT see the same error as the superuser is getting? I think the
error is due to the recent changes made in pg_class_aclmask_ext().
What do others think here?
thanks
Shveta