On Fri, May 13, 2022, at 3:36 AM, Antonin Houska wrote: > Attached is my proposal. It tries to be more specific and does not mention the > absence of the privileges explicitly. You explained the current issue but say nothing about the limitation. This information will trigger a question possibly in one of the MLs. IMO if you say something like the sentence above at the end, it will make it clear why that setup expose all data (there is no access control to publications) and explicitly say there is a TODO here.
Additional privileges might be added to control access to table data in a future version of <productname>PostgreSQL</productname>. I also wouldn't use the warning tag because it fits in the same category as the other restrictions listed in the page. -- Euler Taveira EDB https://www.enterprisedb.com/
