Re: logical replication access control patches

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Petr Jelinek <petr(dot)jelinek(at)2ndquadrant(dot)com>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: logical replication access control patches
Date: 2017-03-14 19:15:49
Message-ID: 20170314191549.GV9812@tamriel.snowman.net
Lists: pgsql-hackers

Greetings,

* Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
> However, what I'm not clear about is whether this is a situation
> that's likely to come up much in practice. I would have thought that
> publications and subscriptions would typically be configured by roles
> with quite high levels of privilege anyway, in which case the separate
> PUBLISH privilege would rarely be used in practice, and might
> therefore fail to be worth using up a bit. I might be missing a
> plausible scenario in which that's not the case, though.

Right, this is part of my concern also.

Further, PUBLISH, as I understand it, is something of a one-time or at
least reasonably rarely done operation. This is quite different from a
SELECT privilege which is used on every query against the table and
which may be GRANT'd to user X today and user Y tomorrow and perhaps
REVOKE'd from user X the next day.

What happens when the PUBLISH right is REVOKE'd from the user who did
the PUBLISH in the first place, for example..?

Thanks!

Stephen
