| From: | Evgeniy Efimkin <efimkin(at)yandex-team(dot)ru> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Michael Paquier <michael(at)paquier(dot)xyz>, Jeff Davis <pgsql(at)j-davis(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Дмитрий Сарафанников <dsarafan(at)yandex-team(dot)ru>, Андрей Бородин <x4mmm(at)yandex-team(dot)ru>, Владимир Бородин <root(at)simply(dot)name> |
| Subject: | Re: Special role for subscriptions |
| Date: | 2019-03-14 07:56:25 |
| Message-ID: | 107741552550185@iva8-4dbd956b10a3.qloud-c.yandex.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi!
> I view that as the first step towards building a more granular privilege
> system for subscription creation, and that was the second half of what I
> was trying to say before- I do think there's value in having something
> more granular than just "this role can create ANY subscription". As an
> administrator, I might be fine with subscriptions to system X, but not
> to system Y, for example. As long as we don't block off the ability to
> build something finer grained in the future, then having the system role
> to allow a given role to do create subscription seems fine to me.
Do you mean something like `CREATE SERVER` with privileges for each server, which using in CREATE SUBSCRIPTION, very similar way used in foreign data wrapper?
--------
Efimkin Evgeny
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kyotaro HORIGUCHI | 2019-03-14 08:05:24 | Re: Is PREPARE of ecpglib thread safe? |
| Previous Message | Mitar | 2019-03-14 07:53:02 | Re: Adding a concept of TEMPORARY TABLESPACE for the use in temp_tablespaces |