On Tue, Jun 09, 2020 at 03:32:24PM +0900, Masahiko Sawada wrote: > One thing I'm concerned with this change is that we will end up > needing to grant both execute on pg_show_replication_origin_status() > and select on pg_replication_origin_status view when we want a > non-super user to access pg_replication_origin_status. It’s unlikely > that the user can grant both privileges at once as > pg_show_replication_origin_status() is not documented.
Not sure if that's worth worrying. We have similar cases like that, take for example pg_file_settings with pg_show_all_file_settings() which requires both a SELECT ACL on pg_file_settings and an EXECUTE ACL on pg_show_all_file_settings(). My point is that if you issue a GRANT SELECT on the catalog view, the user can immediately see when trying to query it that an extra execution is needed. > A user having a replication privilege already is able to execute these > functions. Do you mean to ease it so that a user also executes them > without replication privilege? Arf. Please forget what I wrote here, the hardcoded check for replication rights would be a problem. -- Michael
signature.asc
Description: PGP signature
