AW: Commit 5a2fed911a broke parallel query

Hello,

just a notice that this sounds like the symptom already described in
https://www.postgresql.org/message-id/c7896c19adb646e889d5b2e40fdd17c1@ldbv.bayern.de

Regards,
Christian

-----Ursprüngliche Nachricht-----
Von: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
Gesendet: Montag, 23. Dezember 2024 11:55
An: pgsql-bugs(at)lists(dot)postgresql(dot)org
Betreff: Commit 5a2fed911a broke parallel query

This is a script to reproduce the problem:

CREATE ROLE fluff;
CREATE ROLE duff LOGIN IN ROLE fluff;
CREATE DATABASE scratch OWNER duff;
REVOKE CONNECT, TEMP ON DATABASE scratch FROM PUBLIC;

\c scratch duff
CREATE TABLE large AS SELECT id FROM generate_series(1, 500000) AS id;
GRANT SELECT ON large TO fluff;

SET ROLE fluff;
SELECT count(*) FROM large;

Since commit 5a2fed911a, this results in:

ERROR: permission denied for database "scratch"
DETAIL: User does not have CONNECT privilege.
CONTEXT: parallel worker

The following patch makes the problem disappear, but I am far
from certain that using the session user is always correct there:

diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c
index a024b1151d0..150ec3f52f8 100644
--- a/src/backend/utils/init/postinit.c
+++ b/src/backend/utils/init/postinit.c
@@ -360,7 +360,7 @@ CheckMyDatabase(const char *name, bool am_superuser, bool override_allow_connect
* and save a few cycles.)
*/
if (!am_superuser &&
- object_aclcheck(DatabaseRelationId, MyDatabaseId, GetUserId(),
+ object_aclcheck(DatabaseRelationId, MyDatabaseId, GetSessionUserId(),
ACL_CONNECT) != ACLCHECK_OK)
ereport(FATAL,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),

Yours,
Laurenz Albe