"Kevin Grittner" <Kevin.Grittner@wicourts.gov> writes:
> Tom Lane wrote:
>> More to the point, a GUC rollback transition *has to always
>> succeed*. Period.
> [ counterexample showing we should sometimes disallow "RESET" ]
This actually isn't what I was talking about: a RESET statement is a
commanded adoption of a new value that happens to be gotten off the
stack, and there's not a lot of logical difficulty in letting it fail.
What I was concerned about was the case where GUC is trying to
re-establish an old value during transaction rollback. For example,
assume we are superuser to start with, and we do
begin;set role unprivileged_user;...rollback;
The rollback needs to transition the role setting back to superuser.
A check based purely on allowed transitions would disallow that, since
it's not visibly different from the unprivileged_user trying to make
himself superuser. You have to take the context of the state change
into account.
And yeah, I agree it's a bug that you can do what Kevin's example shows.
regards, tom lane