On Wed, Mar 20, 2019 at 11:58:04PM +0800, Andrey Borodin wrote: >> 20 марта 2019 г., в 21:46, Robert Haas <robertmh...@gmail.com> написал(а): >> I think we should view this permission as "you can create >> subscriptions, plain and simple". > > That sounds good. > From my POV, the purpose of the patch is to allow users to transfer > their database via logical replication. Without superuser privileges > (e.g. to the managed cloud with vanilla postgres).
A system role to be able to create subscriptions is perhaps a too big hammer as that would apply to all databases of a system, still we may be able to live with that. Perhaps we would want something at database level different from GRANT CREATE ON DATABASE, but only for subscriptions? This way, it is possible to have per-database groups having the right to create subscriptions, and I'd like to think that we should not include subcription creation into the existing CREATE rights. It would be kind of funny to not have CREATE include the creation of this specific object though :) -- Michael
signature.asc
Description: PGP signature
