RE: Added schema level support for publication.

From: "tanghy(dot)fnst(at)fujitsu(dot)com" <tanghy(dot)fnst(at)fujitsu(dot)com>
To: vignesh C <vignesh21(at)gmail(dot)com>, Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com>
Cc: "houzj(dot)fnst(at)fujitsu(dot)com" <houzj(dot)fnst(at)fujitsu(dot)com>, Greg Nancarrow <gregn4422(at)gmail(dot)com>, Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Smith <smithpb2250(at)gmail(dot)com>, Ajin Cherian <itsajin(at)gmail(dot)com>, Rahila Syed <rahilasyed90(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Bharath Rupireddy <bharath(dot)rupireddyforpostgres(at)gmail(dot)com>, Amit Kapila <amit(dot)kapila16(at)gmail(dot)com>
Subject: RE: Added schema level support for publication.
Date: 2021-10-19 03:44:58
Message-ID: OS0PR01MB6113E1D5B7AF342A30F52833FBBD9@OS0PR01MB6113.jpnprd01.prod.outlook.com
Lists: pgsql-hackers

On Monday, October 18, 2021 8:23 PM vignesh C <vignesh21(at)gmail(dot)com> wrote:
>
> Thanks for the comments, the attached v42 patch has the fixes for the same.

Thanks for your new patch.

I tried your patch and found that the permission check for superuser didn't work.

For example:
postgres=# create role r1;
CREATE ROLE
postgres=# grant all privileges on database postgres to r1;
GRANT
postgres=# set role r1;
SET
postgres=> create schema s1;
CREATE SCHEMA
postgres=> create publication pub for all tables in schema s1;
CREATE PUBLICATION

Role r1 is not a superuser, but this role could create a publication for all tables in schema
successfully. I think it is related to the following change. List schemaidlist was
not assigned yet. I think we should check it later.

@@ -165,6 +265,12 @@ CreatePublication(ParseState *pstate, CreatePublicationStmt *stmt)
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("must be superuser to create FOR ALL TABLES publication")));

+ /* FOR ALL TABLES IN SCHEMA requires superuser */
+ if (list_length(schemaidlist) > 0 && !superuser())
+ ereport(ERROR,
+ errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg("must be superuser to create FOR ALL TABLES IN SCHEMA publication"));
+
rel = table_open(PublicationRelationId, RowExclusiveLock);

/* Check if name is used */
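
Review bot: The new superuser check at `if (list_length(schemaidlist) > 0 && !superuser())` sits directly after the FOR ALL TABLES check and before `table_open`, and nothing visible in this hunk populates `schemaidlist` ahead of it. If the list is still empty at this point, `list_length(schemaidlist) > 0` is always false and the privilege check never fires, which is consistent with the session above where the non-superuser role r1 creates the publication. Move the check to after the point where the schema list is built from the statement, or test a condition that is already known at this position. A regression test that runs `CREATE PUBLICATION ... FOR ALL TABLES IN SCHEMA` under a non-superuser role and expects the "must be superuser to create FOR ALL TABLES IN SCHEMA publication" error would catch this ordering problem.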

Regards
Tang
