Re: logical replication access control patches

From: Petr Jelinek <petr(dot)jelinek(at)2ndquadrant(dot)com>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: logical replication access control patches
Date: 2017-03-14 18:49:02
Message-ID: a5fc2902-babb-edb8-8b0d-c67db5e320b2@2ndquadrant.com
Lists: pgsql-hackers

On 14/03/17 19:47, Robert Haas wrote:
> On Tue, Mar 14, 2017 at 2:41 PM, Petr Jelinek
> <petr(dot)jelinek(at)2ndquadrant(dot)com> wrote:
>> My understanding of what Stephen is proposing is, you have "ownerA" of
>> tableA and "ownerB" of tableB, then you want role "publisher" to be able
>> to publish those, so you simply grant it the "ownerA" and "ownerB"
>> roles. Obviously that might in many situations mean that the "publisher"
>> role potentially also gets sweeping privileges to other tables which may
>> not be desirable.
>
> I didn't hear Stephen propose that "publish" should be a
> role-attribute, and I don't understand why that would be a good idea.
> Presumably, we don't want unprivileged users to be able to fire up
> logical replication because that involves making connections to other
> systems from the PostgreSQL operating system user's account, and that
> should be a privileged operation. But that's the subscriber side, not
> the publisher side.
>
> I don't otherwise follow Stephen's argument. It seems like he's
> complaining that PUBLISH might give more access to the relation than
> SELECT, but, uh, that's what granting additional privileges does in
> general, by definition. Mostly we consider that a feature, not a bug.
>

Not what I mean - owner should be able to publish table. If you are
granted role of the owner you can do what owner can, no? That's how I
understand Stephen's proposal.

--
Petr Jelinek http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
