Euler Taveira <[email protected]> wrote:
> --eeab359ad6094efd84562cddd7fb9e89
> Content-Type: text/plain
>
> On Wed, May 18, 2022, at 6:44 AM, Antonin Houska wrote:
> > ok, please see the next version.
> The new paragraph looks good to me. I'm not sure if the CREATE PUBLICATION is
> the right place to provide such information. As I suggested in a previous
> email
> [1], you could add it to "Logical Replication > Security".
ok, I missed that. The next version moves the text there.
> [1] https://postgr.es/m/[email protected]
--
Antonin Houska
Web: https://www.cybertec-postgresql.com
diff --git a/doc/src/sgml/logical-replication.sgml b/doc/src/sgml/logical-replication.sgml
index 145ea71d61b..2fcaa9d261a 100644
--- a/doc/src/sgml/logical-replication.sgml
+++ b/doc/src/sgml/logical-replication.sgml
@@ -1171,6 +1171,17 @@ CONTEXT: processing remote data for replication origin "pg_16395" during "INSER
schema automatically, the user must be a superuser.
</para>
+ <para>
+ Note that there are currently no privileges on publication, and that any
+ subscriber can access any publication. Thus if you're trying to hide some
+ information from particular subscribers (by using the
+ <literal>WHERE</literal> clause or the column list, or by not adding the
+ whole table to the publication), please be aware that other publications
+ can expose the same information. Publication privileges might be added
+ to <productname>PostgreSQL</productname> in the future to allow for
+ fine-grained access control.
+ </para>
+
<para>
To create a subscription, the user must be a superuser.
</para>
