Re: [HACKERS] logical replication access control patches
| От | Stephen Frost |
|---|---|
| Тема | Re: [HACKERS] logical replication access control patches |
| Дата | |
| Msg-id | 20170314191549.GV9812@tamriel.snowman.net обсуждение исходный текст |
| Ответ на | Re: [HACKERS] logical replication access control patches (Robert Haas <robertmhaas@gmail.com>) |
| Список | pgsql-hackers |
Greetings, * Robert Haas (robertmhaas@gmail.com) wrote: > However, what I'm not clear about is whether this is a situation > that's likely to come up much in practice. I would have thought that > publications and subscriptions would typically be configured by roles > with quite high levels of privilege anyway, in which case the separate > PUBLISH privilege would rarely be used in practice, and might > therefore fail to be worth using up a bit. I might be missing a > plausible scenario in which that's not the case, though. Right, this is part of my concern also. Further, PUBLISH, as I understand it, is something of a one-time or at least reasonably rarely done operation. This is quite different from a SELECT privilege which is used on every query against the table and which may be GRANT'd to user X today and user Y tomorrow and perhaps REVOKE'd from user X the next day. What happens when the PUBLISH right is REVOKE'd from the user who did the PUBLISH in the first place, for example..? Thanks! Stephen
В списке pgsql-hackers по дате отправления: