Re: Privileges on PUBLICATION

From: Antonin Houska <ah(at)cybertec(dot)at>
To: Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>
Cc: Euler Taveira <euler(at)eulerto(dot)com>, Amit Kapila <amit(dot)kapila16(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Privileges on PUBLICATION
Date: 2022-11-03 05:43:12
Message-ID: 1537.1667454192@antos
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> wrote:

> The CF entry is about privileges on publications. Please rebase that patch
> and repost it so that the CF app and the CF bot are up to date.

The rebased patch (with regression tests added) is attached here.

There's still one design issue that I haven't mentioned yet: if the USAGE
privilege on a publication is revoked after the synchronization phase
completed, the missing privilege on a publication causes ERROR in the output
plugin. If the privilege is then granted, the error does not disappear because
the same (historical) snapshot we use to decode the failed data change again
is also used to check the privileges in the catalog, so the output plugin does
not see that the privilege has already been granted.

The only solution seems to be to drop the publication from the subscription
and add it again, or to drop and re-create the whole subscription. I haven't
added a note about this problem to the documentation yet, in case someone has
better idea how to approach the problem.

Antonin Houska

Attachment Content-Type Size
usage_privilege_on_publication_v2.diff text/x-diff 32.0 KB

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Ian Lawrence Barwick 2022-11-03 07:37:38 Re: Improve description of XLOG_RUNNING_XACTS
Previous Message John Naylor 2022-11-03 05:40:19 Re: Incorrect include file order in guc-file.l