All, Andres, Now that we have begun removing the if (!superuser) checks and instead relying on the GRANT system to determine who is allowed to call certain functions, it's time to consider functions beyond the initial set.
In particular, the pg_logical_* functions have superuser checks and those checks also allow roles who have the replication role attribute. That isn't something we can represent with the GRANT system currently. The main question is if it really makes sense for the replication role attribute to control access to these functions. Personally, I'd rather restrict replication roles (who are not also superusers) from connecting to PG at all. Andres, I figured you would have the best idea about how impactful such a change would be on users of those functions. Thoughts? Thanks! Stephen
Description: Digital signature