Re: What have I done!?!?!? :-)

On 4/8/22 08:58, Magnus Hagander wrote:
> A side-note on this, which of course won't help the OP at this point, 
> but if the general best practice of not running the application with a 
> highly privileged account is followed, the problem won't occur (it will 
> just fail early before breaking things). DISABLE TRIGGER ALL requires 
> either ownership of the table or superuser permissions, none of which 
> it's recommended that the application run with. Doesn't help once the 
> problem has occurred of course, but can help avoid it happening in the 
> future.

It gets even better further down in that code, where it UPDATEs 
pg_constraint directly. That not only requires superuser but also catupd 
permissions (which are separate from superuser for a reason).


Regards, Jan