From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Petr Jelinek <petr(dot)jelinek(at)2ndquadrant(dot)com> |
Cc: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: logical replication access control patches |
Date: | 2017-03-14 19:46:43 |
Message-ID: | CA+TgmoZawQ=aQscSavH5bK0pEm2sNpiZwYoZuqKZJcm1xjPJog@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Tue, Mar 14, 2017 at 3:37 PM, Petr Jelinek
<petr(dot)jelinek(at)2ndquadrant(dot)com> wrote:
> On 14/03/17 20:09, Robert Haas wrote:
>> On Tue, Mar 14, 2017 at 2:56 PM, Petr Jelinek
>> <petr(dot)jelinek(at)2ndquadrant(dot)com> wrote:
>>> Note that I am not necessarily saying it's better though, just trying to
>>> explain. It definitely has drawbacks, as in order to grant publish on
>>> one table you might be granting lots of privileges on various objects by
>>> granting the role. So for granularity purposes Peter's PUBLISH privilege
>>> for tables sounds better to me.
>>
>> I get that. If, without the patch, letting user X do operation Y will
>> require either giving user X membership in a role that has many
>> privileges, and with the patch, will require only granting a specific
>> privilege on a specific object, then the latter is obviously far
>> better from a security point of view.
>>
>> However, what I'm not clear about is whether this is a situation
>> that's likely to come up much in practice. I would have thought that
>> publications and subscriptions would typically be configured by roles
>> with quite high levels of privilege anyway, in which case the separate
>> PUBLISH privilege would rarely be used in practice, and might
>> therefore fail to be worth using up a bit. I might be missing a
>> plausible scenario in which that's not the case, though.
>
> Yeah that's rather hard to say in front. Maybe safest action would be to
> give the permission to owners in 10 and revisit special privilege in 11
> based on feedback?
I think that would be entirely sensible.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2017-03-14 19:52:10 | Re: exposing wait events for non-backends (was: Tracking wait event for latches) |
Previous Message | Robert Haas | 2017-03-14 19:45:29 | Re: Microvacuum support for Hash Index |