Respect permissions within logical replication.
Prevent logical replication workers from performing insert, update,
delete, truncate, or copy commands on tables unless the subscription
owner has permission to do so.
Prevent subscription owners from circumventing row-level security by
forbidding replication into tables with row-level security policies
which the subscription owner is subject to, without regard to whether
the policy would ordinarily allow the INSERT, UPDATE, DELETE or
TRUNCATE which is being replicated. This seems sufficient for now, as
superusers, roles with bypassrls, and target table owners should still
be able to replicate despite RLS policies. We can revisit the
question of applying row-level security policies on a per-row basis if
this restriction proves too severe in practice.
Author: Mark Dilger
Reviewed-by: Jeff Davis, Andrew Dunstan, Ronan Dunklau
Discussion: https://postgr.es/m/9DFC88D3-1300-4DE8-ACBC-4CEF84399A53%40enterprisedb.com
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/a2ab9c06ea15fbcb2bfde570986a06b37f52bcca
Modified Files
--------------
doc/src/sgml/logical-replication.sgml | 36 ++-
src/backend/commands/subscriptioncmds.c | 2 +
src/backend/replication/logical/tablesync.c | 28 +++
src/backend/replication/logical/worker.c | 42 ++++
src/test/perl/PostgreSQL/Test/Cluster.pm | 36 +++
src/test/subscription/t/027_nosuperuser.pl | 363 ++++++++++++++++++++++++++++
6 files changed, 499 insertions(+), 8 deletions(-)