On 4/8/22 08:58, Magnus Hagander wrote:
> A side-note on this, which of course won't help the OP at this point,
> but if the general best practice of not running the application with a
> highly privileged account is followed, the problem won't occur (it will
> just fail early before breaking things). DISABLE TRIGGER ALL requires
> either ownership of the table or superuser permissions, none of which
> it's recommended that the application run with. Doesn't help once the
> problem has occurred of course, but can help avoid it happening in the
> future.
It gets even better further down in that code, where it UPDATEs
pg_constraint directly. That not only requires superuser but also catupd
permissions (which are separate from superuser for a reason).
Regards, Jan
