On Tue, 2026-06-16 at 10:09 +0000, Bertrand Drouvot wrote:
> 0002: fixes it by moving aclcheck_track_record() to after the
> permission check
> succeeds in object_aclcheck_ext() and pg_class_aclcheck_ext().
> Indeed, there is
> no need to track failed permission checks.
IIUC, this is necessary for correctness. If an ACL failure doesn't
cause a transaction abort, then there's a danger that we cause the
transaction to fail that should have succeeded.
So the ACL tracking needs to be precise: we can't track an ACL check
unless a failure always causes transaction abort; and we must track an
ACL check if it would cause a transaction abort. Right?
Regards,
Jeff Davis
