On Tue, Nov 3, 2020 at 11:06 AM Stephen Frost <sfrost@snowman.net> wrote:
> diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c > index 9ce9a66921..5cd479a649 100644 > --- a/src/backend/commands/user.c > +++ b/src/backend/commands/user.c > @@ -709,8 +709,10 @@ AlterRole(AlterRoleStmt *stmt) > roleid = authform->oid; > > /* > - * To mess with a superuser you gotta be superuser; else you need > - * createrole, or just want to change your own password > + * To mess with a superuser or replication role in any way you gotta be > + * superuser. We also insist on superuser to change the BYPASSRLS > + * property. Otherwise, if you don't have createrole, you're only allowed > + * to change your own password. > */ > if (authform->rolsuper || issuper >= 0) > { > @@ -726,7 +728,7 @@ AlterRole(AlterRoleStmt *stmt) > (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), > errmsg("must be superuser to alter replication users"))); > } > - else if (authform->rolbypassrls || bypassrls >= 0) > + else if (bypassrls >= 0) > { > if (!superuser()) > ereport(ERROR,
This change looks correct, we shouldn't be worrying about what's already been set on the role.
Is the nuance that in reality a non-superuser cannot specify BypassRLS even if the effective value is unchanged unimportant here?