Re: User with BYPASSRLS privilege can't change password

Stephen Frost <sfrost@snowman.net> writes:
>> @@ -739,7 +741,6 @@ AlterRole(AlterRoleStmt *stmt)
>>             createrole < 0 &&
>>             createdb < 0 &&
>>             canlogin < 0 &&
>> -             isreplication < 0 &&
>>             !dconnlimit &&
>>             !rolemembers &&
>>             !validUntil &&

> This seems like an independent change..?  Not saying it's wrong though.

That test is redundant, since we wouldn't be in this path at all if
isreplication >= 0.  You could alternatively argue that this should
redundantly test all three of issuper, isreplication, and bypassrls;
but testing just one of them is confusing and hence bug-prone.

            regards, tom lane