| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | logical replication access control patches |
| Date: | 2017-02-17 23:24:12 |
| Message-ID: | 7a33990f-75b1-5a4f-e7c0-223e15b84c11@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Here is a patch set to refine various access control settings in logical
replication. Currently, you need to be replication or superuser for
most things, and the goal of these patches is to allow ordinary users
equipped with explicit privileges to do most things. (Btw., current
documentation is here:
https://www.postgresql.org/docs/devel/static/logical-replication-security.html)
0001 Refine rules for altering publication owner
No conceptual changes here, just some fixes to allow altering
publication owner in more cases.
0002 Add PUBLICATION privilege
Add a new privilege kind to tables to determine whether they can be
added to a publication.
0003 Add USAGE privilege for publications
This controls whether a subscription can use the publication.
There is an open issue with this patch: Since the walsender reads
system catalogs according to what it is currently streaming, you can't
grant this privilege after a subscription has already tried to connect
and failed, because the grant will only appear in the "future" of the
stream. (You can drop and recreate the subscription, as the test
shows.) This might need some snapshot trickery around the aclcheck call.
0004 Add CREATE SUBSCRIPTION privilege on databases
New privilege to allow creating a subscription, currently restricted to
superuser.
(We could also add a CREATE PUBLICATION privilege for symmetry.
Currently, publications use the CREATE privilege that schemas also use.)
0005 Add subscription apply worker privilege checks
Makes apply workers check privileges on tables before writing to them.
Currently, all subscription owners are superuser, but 0004 proposes to
change that.
0006 Change logical replication pg_hba.conf use
No longer use the "replication" keyword in pg_hba.conf for logical
replication. Use the normal database entries instead.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-Refine-rules-for-altering-publication-owner.patch | text/x-patch | 5.6 KB |
| 0002-Add-PUBLICATION-privilege.patch | text/x-patch | 26.9 KB |
| 0003-Add-USAGE-privilege-for-publications.patch | text/x-patch | 42.5 KB |
| 0004-Add-CREATE-SUBSCRIPTION-privilege-on-databases.patch | text/x-patch | 13.7 KB |
| 0005-Add-subscription-apply-worker-privilege-checks.patch | text/x-patch | 5.2 KB |
| 0006-Change-logical-replication-pg_hba.conf-use.patch | text/x-patch | 2.8 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2017-02-17 23:34:59 | Re: pg_recvlogical.c doesn't build with --disable-integer-datetimes |
| Previous Message | Tomas Vondra | 2017-02-17 23:22:20 | Re: gitlab post-mortem: pg_basebackup waiting for checkpoint |