Hi, On 2023-01-19 17:16:20 -0800, Jeff Davis wrote: > The predefined role is probably the biggest user-facing part of the > change. Does it mean that members can create any number of any kind of > subscription?
I don't think we need to support complicated restriction schemes around this now. I'm sure such needs exist, but I think there's more places where a simple "allowed/not allowed" suffices. You'd presumably just grant such a permission to "pseudo superuser" users. They can typically do a lot of bad things already, so I don't really see the common need to prevent them from creating many subscriptions. > If so it may be hard to tighten down later, because we don't know what > existing setups might break. Presumably the unlimited number of subs case would still exist as an option later - so I don't see the problem? > Perhaps we can just permit a superuser to "ALTER SUBSCRIPTION ... OWNER > TO <non-super>", which makes it simpler to use while still leaving the > responisbility with the superuser to get it right. Maybe we even block > the user from altering their own subscription (would be weird but not > much weirder than what we have now)? I don't know if that solves the > problem you're trying to solve, but it seems lower-risk. That seems to not really get us very far. It's hard to use for users, and hard to make secure for the hosted PG providers. Greetings, Andres Freund