Peter Eisentraut wrote: > On 3/15/17 21:54, Peter Eisentraut wrote: > > 0004 Add subscription apply worker privilege checks > > 0005 Add CREATE SUBSCRIPTION privilege on databases > > It would be nice to reach a conclusion on these (the second one > particularly), because otherwise we'll be stuck with only superusers > being allowed to create subscriptions.
I note that the CREATE privilege on databases, which previously only enabled schema creation, now also allows to create publications. I wonder what is different about subscriptions that we need a separate CREATE SUBSCRIPTION privilege; could we allow the three things under the same privilege type? (I suspect not; why give logical replication controls to users who in previous releases were only able to create schemas?) If not, does it make sense to have one privilege for both new things, perhaps something like GRANT LOGICAL REPLICATION THINGIES? If not, maybe we should have three separate priv bits: GRANT CREATE for schemas, GRANT CREATE PUBLICATION and GRANT CREATE SUBSCRIPTION? So this CREATE SUBSCRIPTION priv actually gives you the power to cause the system to open network connections to the outside world. It's not something you give freely to random strangers -- should be guarded moderately tight, because it could be used as covert channel for data leaking. However, it's 1000x better than requiring superuser for subscription creation, so +1 for the current approach. -- Álvaro Herrera https://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
