On Tue, 2021-11-30 at 17:25 +0530, Amit Kapila wrote: > I think it would be better to do it before we allow subscription > owners to be non-superusers.
There are a couple other things to consider before allowing non- superusers to create subscriptions anyway. For instance, a non- superuser shouldn't be able to use a connection string that reads the certificate file from the server unless they also have pg_read_server_files privs. > Yeah, it is possible that is why I suggested in one of the emails > above to allow changing the owners only for disabled subscriptions. The current patch detects the following cases at the transaction boundary: * ALTER SUBSCRIPTION ... OWNER TO ... * ALTER ROLE ... NOSUPERUSER * privileges revoked one way or another (aside from the RLS/WCO problems, which will be fixed) If we want to detect at row boundaries we need to capture all of those cases too, or else we're being inconsistent. The latter two cannot be tied to whether the subscription is disabled or not, so I don't think that's a complete solution. How about (as a separate patch) we just do maybe_reread_subscription() every K operations within a transaction? That would speed up permissions errors if a revoke happens. Regards, Jeff Davis