| From: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
|---|---|
| To: | Antonin Houska <ah(at)cybertec(dot)at> |
| Cc: | Euler Taveira <euler(at)eulerto(dot)com>, Amit Kapila <amit(dot)kapila16(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Privileges on PUBLICATION |
| Date: | 2022-11-11 14:08:16 |
| Message-ID: | 043c52a4-c001-0201-94fc-305dffb8313e@enterprisedb.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 04.11.22 08:28, Antonin Houska wrote:
> I thought about the whole concept a bit more and I doubt if the PUBLICATION
> privilege is the best approach. In particular, the user specified in CREATE
> SUBSCRIPTION ... CONNECTION ... (say "subscription user") needs to have SELECT
> privilege on the tables replicated. So if the DBA excludes some columns from
> the publication's column list and sets the (publication) privileges in such a
> way that the user cannot get the column values via other publications, the
> user still can connect to the database directly and get values of the excluded
> columns.
Why are the SELECT privileges needed? Maybe that's something to think
about and maybe change.
> As an alternative to the publication privileges, I think that the CREATE
> SUBSCRIPTION command could grant ACL_SELECT automatically to the subscription
> user on the individual columns contained in the publication column list, and
> DROP SUBSCRIPTION would revoke that privilege.
I think that approach is weird and unusual. Privileges and object
creation should be separate operations.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Justin Pryzby | 2022-11-11 14:15:04 | Re: [PATCH] Teach pg_waldump to extract FPIs from the WAL |
| Previous Message | Aleksander Alekseev | 2022-11-11 13:52:56 | Re: [PoC] Let libpq reject unexpected authentication requests |