| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Zohar Gofer <Zohar(dot)Gofer(at)amdocs(dot)com> |
| Cc: | "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: pg_replication_origin_session_setup and superuser |
| Date: | 2021-02-16 00:51:38 |
| Message-ID: | YCsXGnnMCfA0GkR2@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Feb 15, 2021 at 09:37:53AM +0000, Zohar Gofer wrote:
> In my mind the requirement for superuser is too strong. I think that
> requiring privileges of a replication user is more suitable. This
> way we can require that only a user with replication privileges will
> actually do replication, even if this is not really a replication.
PostgreSQL 14 will remove those hardcoded superuser checks. Please
see this thread:
https://www.postgresql.org/message-id/CAPdiE1xJMZOKQL3dgHMUrPqysZkgwzSMXETfKkHYnBAB7-0VRQ@mail.gmail.com
And its related commit:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=cc072641d41c55c6aa24a331fc1f8029e0a8d799
While the default is still superuser-only, it becomes possible to
grant access to this stuff to other roles that have no need to be
superusers.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2021-02-16 01:12:51 | Re: Snapbuild woes followup |
| Previous Message | osumi.takamichi@fujitsu.com | 2021-02-16 00:40:19 | RE: [HACKERS] logical decoding of two-phase transactions |