diff --git a/src/backend/commands/event_trigger.c b/src/backend/commands/event_trigger.c index d4b00d1a828..65f739ef8cc 100644 --- a/src/backend/commands/event_trigger.c +++ b/src/backend/commands/event_trigger.c @@ -119,7 +119,7 @@ CreateEventTrigger(CreateEventTrigStmt *stmt) * this, but there are obvious privilege escalation risks which would have * to somehow be plugged first. */ - if (!superuser()) + if (!superuser() && !is_neon_superuser()) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied to create event trigger \"%s\"", diff --git a/src/backend/commands/publicationcmds.c b/src/backend/commands/publicationcmds.c index a618ac5c7b2..727c59559fa 100644 --- a/src/backend/commands/publicationcmds.c +++ b/src/backend/commands/publicationcmds.c @@ -728,13 +728,6 @@ CheckPubRelationColumnList(char *pubname, List *tables, } } -static bool -is_neon_superuser(void) -{ - Oid neon_superuser_oid = get_role_oid("neon_superuser", true /*missing_ok*/); - return neon_superuser_oid != InvalidOid && has_privs_of_role(GetUserId(), neon_superuser_oid); -} - /* * Create new publication. */ diff --git a/src/backend/utils/adt/acl.c b/src/backend/utils/adt/acl.c index 883e09393a4..5255e57b9d8 100644 --- a/src/backend/utils/adt/acl.c +++ b/src/backend/utils/adt/acl.c @@ -123,6 +123,19 @@ static AclResult pg_role_aclcheck(Oid role_oid, Oid roleid, AclMode mode); static void RoleMembershipCacheCallback(Datum arg, int cacheid, uint32 hashvalue); +bool +is_neon_superuser(void) +{ + return is_neon_superuser_arg(GetUserId()); +} + +bool +is_neon_superuser_arg(Oid roleid) +{ + Oid neon_superuser_oid = get_role_oid("neon_superuser", true /*missing_ok*/); + return neon_superuser_oid != InvalidOid && has_privs_of_role(roleid, neon_superuser_oid); +} + /* * getid diff --git a/src/include/miscadmin.h b/src/include/miscadmin.h index 95d19a761fc..505fce2ebe7 100644 --- a/src/include/miscadmin.h +++ b/src/include/miscadmin.h @@ -381,6 +381,9 @@ extern const char *GetSystemUser(void); extern bool superuser(void); /* current user is superuser */ extern bool superuser_arg(Oid roleid); /* given user is superuser */ +/* in utils/adt/acl.c */ +extern bool is_neon_superuser(void); /* current user is neon_superuser */ +extern bool is_neon_superuser_arg(Oid roleid); /* given user is neon_superuser */ /***************************************************************************** * pmod.h -- *