Re: Streaming replication as a separate permissions

* Robert Haas (robertmhaas@gmail.com) wrote:
> I think I agree with Florian about the confusing-ness of the proposed
> semantics.  Aren't you saying you want NOLOGIN mean "not allowed to
> log in for the purposes of issuing SQL commands, but allowed to log in
> for replication"?  Uggh.

I like the general idea of a replication-only "role" or "login".  Maybe
implementing that as a role w/ all the things that come along with it
being a role isn't right, but we don't want to have to reinvent all the
supported auth mechanisms (and please don't propose limiting the auth
options for the replication login!).  Is there a way we can leverage the
auth mechanisms, etc, while forcing the 'replication role' to only be
able to do what a 'replication role' should do?
Thanks,
    Stephen