Re: User with BYPASSRLS privilege can't change password

Tom Lane:
> How do you figure that?  This is in an "else" path after
> 
>     else if (authform->rolreplication || isreplication >= 0)
> 
> so AFAICS it's impossible to get there.  If it isn't impossible,
> we have a much bigger hole with respect to issuper.

Yes, you're right. I read the || as &&. And also missed the ! in else if 
(!have_createrole_privilege()) btw. :)

I guess the error message "must be superuser to alter replication users" 
led me on the wrong path. I would be more precise as "must be superuser 
to alter replication users or change replication attribute" to cover the 
change-non-replication-to-replication user case, I think. The same thing 
for superusers.

Best

Wolfgang