Re: Special role for subscriptions

Em qui, 14 de mar de 2019 às 00:03, Stephen Frost <sfrost(at)snowman(dot)net> escreveu:
>
> I view that as the first step towards building a more granular privilege
> system for subscription creation, and that was the second half of what I
> was trying to say before- I do think there's value in having something
> more granular than just "this role can create ANY subscription". As an
> administrator, I might be fine with subscriptions to system X, but not
> to system Y, for example. As long as we don't block off the ability to
> build something finer grained in the future, then having the system role
> to allow a given role to do create subscription seems fine to me.
>
Isn't that what HBA rules are for? I don't see a fine grain control if
there is no node concept. You need to name the remote replication
set(s) to locally control it. Postgres replication is distributed by
design (current node doesn't need to store info about all nodes --
just those it is connected to). Node is a centralizing concept (every
node has its peers info). Is it worth add complexity to logical
replication just to satisfy a fine grain control? In this case, node
concept should be adopted in a transparent manner (which means that
CREATE PUBLICATION/SUBSCRIPTION should create iif there is no NODE
specification) -- old syntax should work but we start to accept node
info in both sides.

--
Euler Taveira Timbira -
http://www.timbira.com.br/
PostgreSQL: Consultoria, Desenvolvimento, Suporte 24x7 e Treinamento