Euler Taveira <eu...@eulerto.com> wrote:

> On Fri, May 13, 2022, at 3:36 AM, Antonin Houska wrote:
> > Attached is my proposal. It tries to be more specific and does not mention
> > the absence of the privileges explicitly.
>
> You explained the current issue but say nothing about the limitation. This
> information will trigger a question possibly in one of the MLs. IMO if you say
> something like the sentence above at the end, it will make it clear why that
> setup exposes all data (there is no access control to publications) and
> explicitly say there is a TODO here.
>
> Additional privileges might be added to control access to table data in a
> future version of <productname>PostgreSQL</productname>.

I thought it sounded too negative if the absence of some feature was mentioned explicitly. However, it makes sense to be clear from a technical point of view.

> I also wouldn't use the warning tag because it fits in the same category as
> the other restrictions listed in the page.

OK, please see the next version.

-- 
Antonin Houska
Web: https://www.cybertec-postgresql.com

diff --git a/doc/src/sgml/ref/create_publication.sgml b/doc/src/sgml/ref/create_publication.sgml index 1a828e8d2ff..259fe20a148 100644 --- a/doc/src/sgml/ref/create_publication.sgml +++ b/doc/src/sgml/ref/create_publication.sgml @@ -112,6 +112,17 @@ CREATE PUBLICATION <replaceable class="parameter">name</replaceable> Specifying a table that is part of a schema specified by <literal>FOR ALL TABLES IN SCHEMA</literal> is not supported. </para> + + <para> + Note that there are currently no privileges on publication, and that any + subscriber can access any publication. Thus if you're trying to hide + some information from particular subscribers (by using the + <literal>WHERE</literal> clause or the column list, or by not adding the + whole table to the publication), please be aware that other publications + can expose the same information. Publication privileges might be added + to <productname>PostgreSQL</productname> in the future to allow for + fine-grained access control. + </para> </listitem> </varlistentry>
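
Review bot: In the added <para>, "other publications can expose the same information" does not say which publications or how, so a reader cannot tell what to check. Since the preceding sentence already states that "any subscriber can access any publication", consider spelling out the consequence: a subscriber can subscribe to any other publication that includes the same table without the <literal>WHERE</literal> clause or column list, so restricting one publication hides nothing on its own. Two smaller wording points in the same paragraph: "no privileges on publication" should read "on publications", and the second-person phrasing ("if you're trying to hide", "please be aware") could be made impersonal, for example "Hiding information from particular subscribers by means of ... is therefore not effective if another publication includes the same data."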