Re: Non-superuser subscription owners

> On Nov 17, 2021, at 1:10 PM, Jeff Davis <pgsql@j-davis.com> wrote:
>
> I think you misunderstood the idea: not using predefined roles, just
> plain old ordinary GRANT on a subscription object to ordinary roles.
>
>   GRANT REFRESH ON SUBSCRIPTION sub1 TO nonsuper;
>
> This should be easy enough because the subscription is a real object,
> right?

/*
 * Grantable rights are encoded so that we can OR them together in a bitmask.
 * The present representation of AclItem limits us to 16 distinct rights,
 * even though AclMode is defined as uint32.  See utils/acl.h.
 *
 * Caution: changing these codes breaks stored ACLs, hence forces initdb.
 */
typedef uint32 AclMode;         /* a bitmask of privilege bits */

#define ACL_INSERT      (1<<0)  /* for relations */
#define ACL_SELECT      (1<<1)
#define ACL_UPDATE      (1<<2)
#define ACL_DELETE      (1<<3)
#define ACL_TRUNCATE    (1<<4)
#define ACL_REFERENCES  (1<<5)
#define ACL_TRIGGER     (1<<6)
#define ACL_EXECUTE     (1<<7)  /* for functions */
#define ACL_USAGE       (1<<8)  /* for languages, namespaces, FDWs, and
                                 * servers */
#define ACL_CREATE      (1<<9)  /* for namespaces and databases */
#define ACL_CREATE_TEMP (1<<10) /* for databases */
#define ACL_CONNECT     (1<<11) /* for databases */


We only have 4 values left in the bitmask, and I doubt that burning those slots for multiple new types of rights that
onlyhave meaning for subscriptions is going to be accepted.  For full disclosure, I'm proposing adding ACL_SET and
ACL_ALTER_SYSTEMin another patch and my proposal there could get shot down for the same reasons, but I think your
argumentwould be even harder to defend.  Maybe others feel differently. 

—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company