On Mon, Mar 4, 2019 at 1:55 AM Michael Paquier <michael@paquier.xyz> wrote:
> - To create a subscription, the user must be a superuser.
> + To add tables to a subscription, the user must have ownership rights on the
> + table.
> [...]
> + /* must have CREATE privilege on database */
> + aclresult = pg_database_aclcheck(MyDatabaseId, GetUserId(), ACL_CREATE);
> + if (aclresult != ACLCHECK_OK)
> + aclcheck_error(aclresult, OBJECT_DATABASE,
> + get_database_name(MyDatabaseId));
> So this means that we degrade subscription creation requirement from
> being a superuser to someone having CREATE rights on a given
> database?
I find that entirely unacceptable, for reasons which I also talked
about on the other thread where this was discussed:
https://www.postgresql.org/message-id/CA+TgmoahEoM2zZO71yv4883HFarXcBcOs3if6fEdRcRs8Fs=zA@mail.gmail.com
Letting unprivileged users initiate outbound network traffic and
more-or-less permanent background processes seems like a terrible
idea.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company