> 21 марта 2019 г., в 8:56, Michael Paquier <mich...@paquier.xyz> написал(а):
>
> On Wed, Mar 20, 2019 at 11:58:04PM +0800, Andrey Borodin wrote:
>>> 20 марта 2019 г., в 21:46, Robert Haas <robertmh...@gmail.com> написал(а):
>>> I think we should view this permission as "you can create
>>> subscriptions, plain and simple".
>>
>> That sounds good.
>> From my POV, the purpose of the patch is to allow users to transfer
>> their database via logical replication. Without superuser privileges
>> (e.g. to the managed cloud with vanilla postgres).
>
> A system role to be able to create subscriptions is perhaps a too big
> hammer as that would apply to all databases of a system, still we may
> be able to live with that.
>
> Perhaps we would want something at database level different from GRANT
> CREATE ON DATABASE, but only for subscriptions? This way, it is
> possible to have per-database groups having the right to create
> subscriptions, and I'd like to think that we should not include
> subcription creation into the existing CREATE rights. It would be
> kind of funny to not have CREATE include the creation of this specific
> object though :)
I think that small granularity can lead to unnecessary multiplication of
subscription. User need to have sufficient minimum number of subscriptions,
like they have 1 incoming WAL.
If we have per-database permission management, user will decide that it is a
good thing to divide one subscription to per-database subscriptions.
Best regards, Andrey Borodin.
