Hi, I went over this patch set, don't really have all that much to say except it looks good for the most part (details inline).
On 16/03/17 02:54, Peter Eisentraut wrote: > New patch set based on the discussions. I have dropped the PUBLICATION > privilege patch. The patches are also reordered a bit in approximate > decreasing priority order. > > 0001 Refine rules for altering publication owner > > kind of a bug fix Agreed, this can be committed as is. > > 0002 Change logical replication pg_hba.conf use > > This was touched upon in the discussion at > <https://www.postgresql.org/message-id/flat/CAB7nPqRf8eOv15SPQJbC1npJoDWTNPMTNp6AvMN-XWwB53h2Cg%40mail.gmail.com> > and seems to have been viewed favorably there. Seems like a good idea and I think can be committed as well. > > 0003 Add USAGE privilege for publications > > a way to control who can subscribe to a publication > Hmm IIUC this removes ability of REPLICATION role to subscribe to publications. I am not quite sure I like that. > 0004 Add subscription apply worker privilege checks > > This is a prerequisite for the next one (or one like it). > > 0005 Add CREATE SUBSCRIPTION privilege on databases > > Need a way to determine which user can create subscriptions. The > presented approach made sense to me, but maybe there are other ideas. > The CREATE SUBSCRIPTION as name of privilege is bit weird but something like SUBSCRIBE would be more fitting for publish side (to which you subscriber) so don't really have a better name. I like that the patches cache the acl result so performance impact should be negligible. -- Petr Jelinek http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (firstname.lastname@example.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers