On Monday, October 18, 2021 8:23 PM vignesh C <vignesh21@gmail.com> wrote:
>
> Thanks for the comments, the attached v42 patch has the fixes for the same.
Thanks for your new patch.
I tried your patch and found that the permission check for superuser didn't work.
For example:
postgres=# create role r1;
CREATE ROLE
postgres=# grant all privileges on database postgres to r1;
GRANT
postgres=# set role r1;
SET
postgres=> create schema s1;
CREATE SCHEMA
postgres=> create publication pub for all tables in schema s1;
CREATE PUBLICATION
Role r1 is not superuser, but this role could create publication for all tables in schema
successfully, I think it is related the following change. List schemaidlist was
not assigned yet. I think we should check it later.
@@ -165,6 +265,12 @@ CreatePublication(ParseState *pstate, CreatePublicationStmt *stmt)
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("must be superuser to create FOR ALL TABLES publication")));
+ /* FOR ALL TABLES IN SCHEMA requires superuser */
+ if (list_length(schemaidlist) > 0 && !superuser())
+ ereport(ERROR,
+ errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg("must be superuser to create FOR ALL TABLES IN SCHEMA publication"));
+
rel = table_open(PublicationRelationId, RowExclusiveLock);
/* Check if name is used */
Regards
Tang