On 20/03/17 13:32, Peter Eisentraut wrote: > On 3/18/17 09:31, Petr Jelinek wrote: >>> 0003 Add USAGE privilege for publications >>> >>> a way to control who can subscribe to a publication >>> >> Hmm IIUC this removes ability of REPLICATION role to subscribe to >> publications. I am not quite sure I like that. > > Well, this is kind of the way with all privileges. They take away > abilities by default so you can assign them in a more fine-grained manner. > > You can still connect as superuser and do anything you want, if you want > a "quick start" setup. > > Right now, any replication user connecting can use any publication. > There is no way to distinguish different table groupings or different > use cases, such as partial replication of some tables that should go > over here, or archiving of some other tables that should go over there. > That's not optimal. >
Hmm but REPLICATION role can do basebackup/consume wal, so how does giving it limited publication access help? Wouldn't we need some SUBSCRIPTION role/grant used instead for logical replication connections instead of REPLICATION for this to make sense? -- Petr Jelinek http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
