| From: | Antonin Houska <ah(at)cybertec(dot)at> |
|---|---|
| To: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Privileges on PUBLICATION |
| Date: | 2022-05-09 14:09:57 |
| Message-ID: | 20330.1652105397@antos |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Now that the user can specify rows and columns to be omitted from the logical
replication [1], I suppose hiding rows and columns from the subscriber is an
important use case. However, since the subscription connection user (i.e. the
user specified in the CREATE SUBSCRIPTION ... CONNECTION ... command) needs
SELECT permission on the replicated table (on the publication side), he can
just use another publication (which has different filters or no filters at
all) to get the supposedly-hidden data replicated.
Don't we need privileges on publication (e.g GRANT USAGE ON PUBLICATION ...)
now?
[1] https://www.postgresql.org/docs/devel/sql-createpublication.html
--
Antonin Houska
Web: https://www.cybertec-postgresql.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jonathan S. Katz | 2022-05-09 14:54:27 | Re: 2022-05-12 release announcement draft |
| Previous Message | Tom Lane | 2022-05-09 14:06:48 | Re: 2022-05-12 release announcement draft |