| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | Marcos Pegoraro <marcos(at)f10(dot)com(dot)br> |
| Cc: | Chao Li <li(dot)evan(dot)chao(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Additional info for CREATE ROLE with REPLICATION |
| Date: | 2025-11-26 15:02:31 |
| Message-ID: | CAKFQuwY0+VpWDHHbSpRhcyOmqHX1kOrP3fAVVJ+6cLh2uhPVaQ@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wednesday, November 26, 2025, Marcos Pegoraro <marcos(at)f10(dot)com(dot)br> wrote:
> Em ter., 25 de nov. de 2025 às 23:22, Chao Li <li(dot)evan(dot)chao(at)gmail(dot)com>
> escreveu:
>
>> > <0001-Master - Additional info for create role with REPLICATION.diff>
>>
>
> ok, I understand that, but the REPLICATION paragraph says "A role having
> the REPLICATION attribute is a very highly privileged role". So the user
> thinks, well, if this role is a highly privileged role, he should have
> SELECT permission automatically, right ? And it does not, so a warning like
> this would be fine, I think.
>
>
Maybe the wording “highly privileged” should be reconsidered then to not
imply never needing to apply grants.
It also occurs to me, that section probably would be better off with some
cross-references to the sections that talk about replication in detail
instead of putting the detail here.
So, maybe replace “highly privileged” with “additional grants might be
necessary depending on whether you are doing (link) physical or (link)
logical replication”.
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dean Rasheed | 2025-11-26 15:04:20 | Re: Second RewriteQuery complains about first RewriteQuery in edge case |
| Previous Message | Nathan Bossart | 2025-11-26 15:01:07 | Re: Remove unused struct fields |