RE: Added schema level support for publication.
| От | tanghy.fnst@fujitsu.com |
|---|---|
| Тема | RE: Added schema level support for publication. |
| Дата | |
| Msg-id | OS0PR01MB6113E1D5B7AF342A30F52833FBBD9@OS0PR01MB6113.jpnprd01.prod.outlook.com обсуждение исходный текст |
| Ответ на | Re: Added schema level support for publication. (vignesh C <vignesh21@gmail.com>) |
| Ответы |
Re: Added schema level support for publication.
Re: Added schema level support for publication. |
| Список | pgsql-hackers |
On Monday, October 18, 2021 8:23 PM vignesh C <vignesh21@gmail.com> wrote:
>
> Thanks for the comments, the attached v42 patch has the fixes for the same.
Thanks for your new patch.
I tried your patch and found that the permission check for superuser didn't work.
For example:
postgres=# create role r1;
CREATE ROLE
postgres=# grant all privileges on database postgres to r1;
GRANT
postgres=# set role r1;
SET
postgres=> create schema s1;
CREATE SCHEMA
postgres=> create publication pub for all tables in schema s1;
CREATE PUBLICATION
Role r1 is not superuser, but this role could create publication for all tables in schema
successfully, I think it is related the following change. List schemaidlist was
not assigned yet. I think we should check it later.
@@ -165,6 +265,12 @@ CreatePublication(ParseState *pstate, CreatePublicationStmt *stmt)
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("must be superuser to create FOR ALL TABLES publication")));
+ /* FOR ALL TABLES IN SCHEMA requires superuser */
+ if (list_length(schemaidlist) > 0 && !superuser())
+ ereport(ERROR,
+ errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg("must be superuser to create FOR ALL TABLES IN SCHEMA publication"));
+
rel = table_open(PublicationRelationId, RowExclusiveLock);
/* Check if name is used */
Regards
Tang
В списке pgsql-hackers по дате отправления: