Privileges on PUBLICATION

From: Antonin Houska <ah(at)cybertec(dot)at>
To: pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Privileges on PUBLICATION
Date: 2022-05-09 14:09:57
Message-ID: 20330.1652105397@antos
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

Now that the user can specify rows and columns to be omitted from the logical
replication [1], I suppose hiding rows and columns from the subscriber is an
important use case. However, since the subscription connection user (i.e. the
user specified in the CREATE SUBSCRIPTION ... CONNECTION ... command) needs
SELECT permission on the replicated table (on the publication side), he can
just use another publication (which has different filters or no filters at
all) to get the supposedly-hidden data replicated.

Don't we need privileges on publication (e.g GRANT USAGE ON PUBLICATION ...)


Antonin Houska


Browse pgsql-hackers by date

  From Date Subject
Next Message Jonathan S. Katz 2022-05-09 14:54:27 Re: 2022-05-12 release announcement draft
Previous Message Tom Lane 2022-05-09 14:06:48 Re: 2022-05-12 release announcement draft