Commit 5a2fed911a broke parallel query

From: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
To: pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject: Commit 5a2fed911a broke parallel query
Date: 2024-12-23 10:55:28
Message-ID: 8befc845430ba1ae3748af900af298788e579c89.camel@cybertec.at
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

This is a script to reproduce the problem:

CREATE ROLE fluff;
CREATE ROLE duff LOGIN IN ROLE fluff;
CREATE DATABASE scratch OWNER duff;
REVOKE CONNECT, TEMP ON DATABASE scratch FROM PUBLIC;

\c scratch duff
CREATE TABLE large AS SELECT id FROM generate_series(1, 500000) AS id;
GRANT SELECT ON large TO fluff;

SET ROLE fluff;
SELECT count(*) FROM large;

Since commit 5a2fed911a, this results in:

ERROR: permission denied for database "scratch"
DETAIL: User does not have CONNECT privilege.
CONTEXT: parallel worker

The following patch makes the problem disappear, but I am far
from certain that using the session user is always correct there:

diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c
index a024b1151d0..150ec3f52f8 100644
--- a/src/backend/utils/init/postinit.c
+++ b/src/backend/utils/init/postinit.c
@@ -360,7 +360,7 @@ CheckMyDatabase(const char *name, bool am_superuser, bool override_allow_connect
* and save a few cycles.)
*/
if (!am_superuser &&
- object_aclcheck(DatabaseRelationId, MyDatabaseId, GetUserId(),
+ object_aclcheck(DatabaseRelationId, MyDatabaseId, GetSessionUserId(),
ACL_CONNECT) != ACLCHECK_OK)
ereport(FATAL,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),

Yours,
Laurenz Albe

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Kirill Reshke 2024-12-23 14:24:40 Re: BUG #18751: Sub-optimal UNION ALL plan
Previous Message PG Bug reporting form 2024-12-23 09:53:06 BUG #18751: Sub-optimal UNION ALL plan