> 22 марта 2019 г., в 9:28, Michael Paquier <mich...@paquier.xyz> написал(а):
>
> On Thu, Mar 21, 2019 at 10:06:03AM -0300, Euler Taveira wrote:
>> It will be really strange but I can live with that. Another idea is
>> CREATE bit to create subscriptions (without replicate) and SUBSCRIBE
>> bit to replicate tables. It is not just a privilege to create a
>> subscription but also to modify tables that a role doesn't have
>> explicit permission. Let's allocate another AclItem?
>
> By the way, as the commit fest is coming to its end in a couple of
> days, and that we are still discussing how the thing should be shaped,
> I would recommend to mark the patch as returned with feedback. Any
> objections with that?
It seems to me that we have consensus that:
1. We need special role to create subscription
2. This role can create subscription with some security checks
3. We have complete list of possible security checks
4. We have code that implements most of these checks (I believe
pg_subscription_role_v2.patch is enough, but we can tighten checks a little
more)
Do we have any objection on these points?
If not, it is RFC, it should not be returned.
Best regards, Andrey Borodin.
