Re: Non-superuser subscription owners
| От | Amit Kapila |
|---|---|
| Тема | Re: Non-superuser subscription owners |
| Дата | |
| Msg-id | CAA4eK1K9ghq8GxWMwN6=yKXTRJz7xbws+s2HiuyTV0oPokFTnQ@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Non-superuser subscription owners (Jeff Davis <pgsql@j-davis.com>) |
| Ответы |
Re: Non-superuser subscription owners
|
| Список | pgsql-hackers |
On Wed, Dec 1, 2021 at 2:12 AM Jeff Davis <pgsql@j-davis.com> wrote: > > On Tue, 2021-11-30 at 17:25 +0530, Amit Kapila wrote: > > I think it would be better to do it before we allow subscription > > owners to be non-superusers. > > There are a couple other things to consider before allowing non- > superusers to create subscriptions anyway. For instance, a non- > superuser shouldn't be able to use a connection string that reads the > certificate file from the server unless they also have > pg_read_server_files privs. > Isn't allowing to create subscriptions via non-superusers and allowing to change the owner two different things? I am under the impression that the latter one is more towards allowing the workers to apply changes with a non-superuser role. -- With Regards, Amit Kapila.
В списке pgsql-hackers по дате отправления: