| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Andrey Borodin <x4mmm(at)yandex-team(dot)ru> |
| Cc: | Euler Taveira <euler(at)timbira(dot)com(dot)br>, Robert Haas <robertmhaas(at)gmail(dot)com>, Evgeniy Efimkin <efimkin(at)yandex-team(dot)ru>, Jeff Davis <pgsql(at)j-davis(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Дмитрий Сарафанников <dsarafan(at)yandex-team(dot)ru>, Владимир Бородин <root(at)simply(dot)name> |
| Subject: | Re: Special role for subscriptions |
| Date: | 2019-03-22 04:10:04 |
| Message-ID: | 20190322041004.GR20192@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Mar 22, 2019 at 10:15:59AM +0800, Andrey Borodin wrote:
> It seems to me that we have consensus that:
> 1. We need special role to create subscription
> 2. This role can create subscription with some security checks
> 3. We have complete list of possible security checks
These are basically that the truncate, insert, delete and insert
rights for the role creating the subscription. Why would we actually
need that?
> 4. We have code that implements most of these checks (I believe
> pg_subscription_role_v2.patch is enough, but we can tighten checks a
> little more)
If a unique system role is the conclusion on the matter, it looks so.
> If not, it is RFC, it should not be returned.
The patch still needs some work before being RFC. From what I can
read, pg_dump still ignores roles which are members of the system role
pg_subscription_users and these should be able to dump subscriptions,
so you have at least one problem.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Rowley | 2019-03-22 04:20:07 | Re: BUG #15572: Misleading message reported by "Drop function operation" on DB with functions having same name |
| Previous Message | Michael Paquier | 2019-03-22 04:01:44 | Re: current_logfiles not following group access and instead follows log_file_mode permissions |