I went over this patch set, don't really have all that much to say
except it looks good for the most part (details inline).

On 16/03/17 02:54, Peter Eisentraut wrote:
> New patch set based on the discussions.  I have dropped the PUBLICATION
> privilege patch.  The patches are also reordered a bit in approximate
> decreasing priority order.
> 0001 Refine rules for altering publication owner
> kind of a bug fix

Agreed, this can be committed as is.

> 0002 Change logical replication pg_hba.conf use
> This was touched upon in the discussion at
> <https://www.postgresql.org/message-id/flat/CAB7nPqRf8eOv15SPQJbC1npJoDWTNPMTNp6AvMN-XWwB53h2Cg%40mail.gmail.com>
> and seems to have been viewed favorably there.

Seems like a good idea and I think can be committed as well.

> 0003 Add USAGE privilege for publications
> a way to control who can subscribe to a publication

Hmm IIUC this removes ability of REPLICATION role to subscribe to
publications. I am not quite sure I like that.

> 0004 Add subscription apply worker privilege checks
> This is a prerequisite for the next one (or one like it).
> 0005 Add CREATE SUBSCRIPTION privilege on databases
> Need a way to determine which user can create subscriptions.  The
> presented approach made sense to me, but maybe there are other ideas.

The CREATE SUBSCRIPTION as name of privilege is bit weird but something
like SUBSCRIBE would be more fitting for publish side (to which you
subscriber) so don't really have a better name. I like that the patches
cache the acl result so performance impact should be negligible.

  Petr Jelinek                  http://www.2ndQuadrant.com/
  PostgreSQL Development, 24x7 Support, Training & Services

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to