On Thu, Sep 21, 2023 at 8:03 AM Benoit Lobréau <benoit.lobr...@dalibo.com> wrote:
> I am confused about the new subscription parameter: password_required.
>
> I have two instances. The publisher's pg_hba is configured to allow
> connections without authentication. On the subscriber, I have an
> unprivileged user with pg_create_subscription and CREATE on the database.
>
> I tried using a superuser to create a subscription without setting the
> password_required parameter (the default is true). Then I changed the
> owner to the unprivileged user.
>
> This user can use the subscription without limitation (including ALTER
> SUBSCRIPTION ENABLE / DISABLE). The \dRs+ metacommand shows that a
> password is required, which is not the case (or it is but it's not
> enforced).
>
> Is this normal? I was expecting the ALTER SUBSCRIPTION .. OWNER to fail.

Which one? I see 2 ALTER SUBSCRIPTION ... OWNER commands in
password_required.log and 1 more in password_required2.log, but
they're all performed by the superuser, who is entitled to do anything
they want.

The intention here is that most subscriptions will have
passwordrequired=true. If such a subscription is owned by a superuser,
the superuser can still use them however they like. If owned by a
non-superuser, they can use them however they like *provided* that the
password must be used to authenticate. If the superuser wants a
non-superuser to be able to own a subscription that doesn't use a
password, the superuser can set that up by configuring
passwordrequired=false. But then that non-superuser is not allowed to
further manipulate that subscription.

--
Robert Haas
EDB: http://www.enterprisedb.com
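
The ownership cases discussed in this thread, expressed as a catalog check (an added example, not part of the original messages or of PostgreSQL's own tooling): it lists subscriptions owned by non-superusers that either have password_required disabled or carry no password in their connection string, which is the situation described in the quoted question. It assumes PostgreSQL 16 or later and a superuser session on the subscriber, since subconninfo is not readable by ordinary roles.

```sql
-- Audit query (added example): subscriptions owned by non-superusers
-- whose password requirement is disabled or not reflected in conninfo.
SELECT s.subname,
       d.datname                  AS database,
       r.rolname                  AS owner,
       s.subenabled,
       s.subpasswordrequired,
       -- Heuristic: matches keyword/value conninfo only ("password=..."),
       -- not URI-style connection strings.
       s.subconninfo ~ '(^|\s)password\s*=' AS conninfo_has_password,
       CASE
         WHEN NOT s.subpasswordrequired
           THEN 'password_required=false, owned by non-superuser'
         ELSE 'password_required=true, no password in conninfo'
       END                        AS finding
FROM pg_subscription s
JOIN pg_roles    r ON r.oid = s.subowner
JOIN pg_database d ON d.oid = s.subdbid
WHERE NOT r.rolsuper
  AND (NOT s.subpasswordrequired
       OR s.subconninfo !~ '(^|\s)password\s*=')
ORDER BY d.datname, s.subname;
```

pg_subscription is a shared catalog, so one run covers every database in the cluster; an empty result means no non-superuser owns a subscription in either state.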