On Wed, Jan 25, 2023 at 10:45 PM Jeff Davis <pg...@j-davis.com> wrote: > I propose that we have two predefined roles: pg_create_subscription, > and pg_create_connection. If creating a subscription with a connection > string, you'd need to be a member of both roles. But to create a > subscription with a server object, you'd just need to be a member of > pg_create_subscription and have the USAGE privilege on the server > object.
I have no issue with that as a long-term plan. However, I think that for right now we should just introduce pg_create_subscription. It would make sense to add pg_create_connection in the same patch that adds a CREATE CONNECTION command (or whatever exact syntax we end up with) -- and that patch can also change CREATE SUBSCRIPTION to require both privileges where a connection string is specified directly. -- Robert Haas EDB: http://www.enterprisedb.com
