On 3/29/17 19:01, Petr Jelinek wrote:
>> So this CREATE SUBSCRIPTION priv actually gives you the power to cause
>> the system to open network connections to the outside world. It's not
>> something you give freely to random strangers -- should be guarded
>> moderately tight, because it could be
On 29/03/17 20:55, Alvaro Herrera wrote:
> Peter Eisentraut wrote:
>> On 3/15/17 21:54, Peter Eisentraut wrote:
>
>>> 0004 Add subscription apply worker privilege checks
>>> 0005 Add CREATE SUBSCRIPTION privilege on databases
>>
>> It would be nice to reach a conclusion on these (the second one
Peter Eisentraut wrote:
> On 3/15/17 21:54, Peter Eisentraut wrote:
> > 0004 Add subscription apply worker privilege checks
> > 0005 Add CREATE SUBSCRIPTION privilege on databases
>
> It would be nice to reach a conclusion on these (the second one
> particularly), because otherwise we'll be
On 3/15/17 21:54, Peter Eisentraut wrote:
> 0001 Refine rules for altering publication owner
> 0002 Change logical replication pg_hba.conf use
These two were committed.
> 0003 Add USAGE privilege for publications
I'm withdrawing this one for now, because of some issues that were
discussed in
On 3/22/17 08:12, Petr Jelinek wrote:
> On 22/03/17 03:38, Peter Eisentraut wrote:
>> On 3/20/17 15:10, Petr Jelinek wrote:
>>> Hmm but REPLICATION role can do basebackup/consume wal, so how does
>>> giving it limited publication access help? Wouldn't we need some
>>> SUBSCRIPTION role/grant used
On 3/18/17 09:31, Petr Jelinek wrote:
>> 0001 Refine rules for altering publication owner
>>
>> kind of a bug fix
>
> Agreed, this can be committed as is.
>
>>
>> 0002 Change logical replication pg_hba.conf use
>>
>> This was touched upon in the discussion at
>>
On 22/03/17 03:38, Peter Eisentraut wrote:
> On 3/20/17 15:10, Petr Jelinek wrote:
>> Hmm but REPLICATION role can do basebackup/consume wal, so how does
>> giving it limited publication access help? Wouldn't we need some
>> SUBSCRIPTION role/grant used instead for logical replication connections
On 3/20/17 15:10, Petr Jelinek wrote:
> Hmm but REPLICATION role can do basebackup/consume wal, so how does
> giving it limited publication access help? Wouldn't we need some
> SUBSCRIPTION role/grant used instead for logical replication connections
> instead of REPLICATION for this to make sense?
On 20/03/17 13:32, Peter Eisentraut wrote:
> On 3/18/17 09:31, Petr Jelinek wrote:
>>> 0003 Add USAGE privilege for publications
>>>
>>> a way to control who can subscribe to a publication
>>>
>> Hmm IIUC this removes ability of REPLICATION role to subscribe to
>> publications. I am not quite sure
On 3/18/17 09:31, Petr Jelinek wrote:
>> 0003 Add USAGE privilege for publications
>>
>> a way to control who can subscribe to a publication
>>
> Hmm IIUC this removes ability of REPLICATION role to subscribe to
> publications. I am not quite sure I like that.
Well, this is kind of the way with
Hi,
I went over this patch set, don't really have all that much to say
except it looks good for the most part (details inline).
On 16/03/17 02:54, Peter Eisentraut wrote:
> New patch set based on the discussions. I have dropped the PUBLICATION
> privilege patch. The patches are also reordered
New patch set based on the discussions. I have dropped the PUBLICATION
privilege patch. The patches are also reordered a bit in approximate
decreasing priority order.
0001 Refine rules for altering publication owner
kind of a bug fix
0002 Change logical replication pg_hba.conf use
This was
On 3/14/17 14:49, Petr Jelinek wrote:
> Not what I mean - owner should be able to publish table. If you are
> granted role of the owner you can do what owner can no?
I didn't actually know that ownership worked that way. You can grant
the role of an owner to someone, and then that someone has
On 3/14/17 15:37, Petr Jelinek wrote:
> Yeah that's rather hard to say in front. Maybe safest action would be to
> give the permission to owners in 10 and revisit special privilege in 11
> based on feedback?
I'm fine with that.
--
Peter Eisentraut http://www.2ndQuadrant.com/
On 3/14/17 15:05, Stephen Frost wrote:
> Another approach to solving my concern would be to only allow the
> publishing of tables by non-owner users who have table-level SELECT
> rights
An early version of the logical replication patch set did that. But the
problem is that this way someone with
On Tue, Mar 14, 2017 at 3:37 PM, Petr Jelinek
wrote:
> On 14/03/17 20:09, Robert Haas wrote:
>> On Tue, Mar 14, 2017 at 2:56 PM, Petr Jelinek
>> wrote:
>>> Note that I am not necessarily saying it's better though, just trying to
>>>
On 14/03/17 20:09, Robert Haas wrote:
> On Tue, Mar 14, 2017 at 2:56 PM, Petr Jelinek
> wrote:
>> Note that I am not necessarily saying it's better though, just trying to
>> explain. It definitely has drawbacks, as in order to grant publish on
>> one table you might
Greetings,
* Robert Haas (robertmh...@gmail.com) wrote:
> However, what I'm not clear about is whether this is a situation
> that's likely to come up much in practice. I would have thought that
> publications and subscriptions would typically be configured by roles
> with quite high levels of
On Tue, Mar 14, 2017 at 2:56 PM, Petr Jelinek
wrote:
> Note that I am not necessarily saying it's better though, just trying to
> explain. It definitely has drawbacks, as in order to grant publish on
> one table you might be granting lots of privileges on various
Greetings,
* Petr Jelinek (petr.jeli...@2ndquadrant.com) wrote:
> On 14/03/17 19:47, Robert Haas wrote:
> > On Tue, Mar 14, 2017 at 2:41 PM, Petr Jelinek
> > wrote:
> >> My understanding of what Shephen is proposing is, you have "ownerA" of
> >> tableA and "ownerB"
On 14/03/17 19:49, Petr Jelinek wrote:
> On 14/03/17 19:47, Robert Haas wrote:
>> On Tue, Mar 14, 2017 at 2:41 PM, Petr Jelinek
>> wrote:
>>> My understanding of what Shephen is proposing is, you have "ownerA" of
>>> tableA and "ownerB" of tableB, then you want role
On 14/03/17 19:47, Robert Haas wrote:
> On Tue, Mar 14, 2017 at 2:41 PM, Petr Jelinek
> wrote:
>> My understanding of what Shephen is proposing is, you have "ownerA" of
>> tableA and "ownerB" of tableB, then you want role "publishe"r to be able
>> to publish those,
On Tue, Mar 14, 2017 at 2:41 PM, Petr Jelinek
wrote:
> My understanding of what Shephen is proposing is, you have "ownerA" of
> tableA and "ownerB" of tableB, then you want role "publishe"r to be able
> to publish those, so you simply grant it the "ownerA" and
On 10/03/17 20:02, Peter Eisentraut wrote:
> On 2/27/17 22:10, Stephen Frost wrote:
>> Peter,
>>
>> * Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote:
>>> On 2/18/17 18:06, Stephen Frost wrote:
I'm not convinced that it really makes sense to have PUBLICATION of a
table be
On 3/3/17 10:07, Stephen Frost wrote:
> Will users really understand that the PUBLISH right actually allows
> complete access to the entire relation, rather than just the ability for
> a user to PUBLISH what they are currently about to SELECT? It certainly
> doesn't seem intuitive to me, which is
On 2/27/17 22:10, Stephen Frost wrote:
> Peter,
>
> * Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote:
>> On 2/18/17 18:06, Stephen Frost wrote:
>>> I'm not convinced that it really makes sense to have PUBLICATION of a
>>> table be independent from the rights an owner of a table has.
* Petr Jelinek (petr.jeli...@2ndquadrant.com) wrote:
> On 28/02/17 04:10, Stephen Frost wrote:
> > Peter,
> >
> > * Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote:
> >> On 2/18/17 18:06, Stephen Frost wrote:
> >>> I'm not convinced that it really makes sense to have PUBLICATION of a
>
On 28/02/17 04:10, Stephen Frost wrote:
> Peter,
>
> * Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote:
>> On 2/18/17 18:06, Stephen Frost wrote:
>>> I'm not convinced that it really makes sense to have PUBLICATION of a
>>> table be independent from the rights an owner of a table has.
Peter,
* Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote:
> On 2/18/17 18:06, Stephen Frost wrote:
> > I'm not convinced that it really makes sense to have PUBLICATION of a
> > table be independent from the rights an owner of a table has. We don't
> > allow other ALTER commands on
On 2/18/17 18:06, Stephen Frost wrote:
> I'm not convinced that it really makes sense to have PUBLICATION of a
> table be independent from the rights an owner of a table has. We don't
> allow other ALTER commands on objects based on GRANT'able rights, in
> general, so I'm not really sure that it
Peter,
* Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote:
> 0002 Add PUBLICATION privilege
>
> Add a new privilege kind to tables to determine whether they can be
> added to a publication.
I'm not convinced that it really makes sense to have PUBLICATION of a
table be independent from
31 matches
Mail list logo