On Wed, Dec 1, 2021 at 2:12 AM Jeff Davis <pg...@j-davis.com> wrote: > > On Tue, 2021-11-30 at 17:25 +0530, Amit Kapila wrote: > > I think it would be better to do it before we allow subscription > > owners to be non-superusers. > > There are a couple other things to consider before allowing non- > superusers to create subscriptions anyway. For instance, a non- > superuser shouldn't be able to use a connection string that reads the > certificate file from the server unless they also have > pg_read_server_files privs. >
Isn't allowing to create subscriptions via non-superusers and allowing to change the owner two different things? I am under the impression that the latter one is more towards allowing the workers to apply changes with a non-superuser role. -- With Regards, Amit Kapila.
