| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net>, Petr Jelinek <petr(dot)jelinek(at)2ndquadrant(dot)com> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: logical replication access control patches |
| Date: | 2017-03-10 19:05:42 |
| Message-ID: | 81ad5b9b-555f-4515-a2af-e0d564e19025@2ndquadrant.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 3/3/17 10:07, Stephen Frost wrote:
> Will users really understand that the PUBLISH right actually allows
> complete access to the entire relation, rather than just the ability for
> a user to PUBLISH what they are currently about to SELECT? It certainly
> doesn't seem intuitive to me, which is why I am concerned that it's
> going to lead to confusion and bug/security reports down the road, or,
> worse, poorly configured systems.
Well, this is a new system with its own properties, which is why I'm
proposing a new way to manage access. If it were just the same as the
existing stuff, we wouldn't need this conversation. I'm interested in
other ideas.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2017-03-10 19:06:02 | Re: ANALYZE command progress checker |
| Previous Message | Peter Eisentraut | 2017-03-10 19:02:21 | Re: logical replication access control patches |