On Fri, Mar 22, 2019 at 10:15:59AM +0800, Andrey Borodin wrote: > It seems to me that we have consensus that: > 1. We need special role to create subscription > 2. This role can create subscription with some security checks > 3. We have complete list of possible security checks
These are basically that the truncate, insert, delete and insert rights for the role creating the subscription. Why would we actually need that? > 4. We have code that implements most of these checks (I believe > pg_subscription_role_v2.patch is enough, but we can tighten checks a > little more) If a unique system role is the conclusion on the matter, it looks so. > If not, it is RFC, it should not be returned. The patch still needs some work before being RFC. From what I can read, pg_dump still ignores roles which are members of the system role pg_subscription_users and these should be able to dump subscriptions, so you have at least one problem. -- Michael
signature.asc
Description: PGP signature
