From: | Evgeniy Efimkin <efimkin(at)yandex-team(dot)ru> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Дмитрий Сарафанников <dsarafan(at)yandex-team(dot)ru>, Андрей Бородин <x4mmm(at)yandex-team(dot)ru>, Владимир Бородин <root(at)simply(dot)name> |
Subject: | Re: Special role for subscriptions |
Date: | 2018-11-06 12:28:30 |
Message-ID: | 1707711541507310@myt5-68ad52a76c91.qloud-c.yandex.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Hi!
As a first step I suggest we allow CREATE SUBSCRIPTION for table owner only.
03.11.2018, 19:20, "Stephen Frost" <sfrost(at)snowman(dot)net>:
> Greetings,
>
> * Evgeniy Efimkin (efimkin(at)yandex-team(dot)ru) wrote:
>> In postgresql 10 and 11 only superuser can create/alter subscriptions.
>> If there was a special role (like pg_monitor), it would be more easy to grant control on subscriptions.
>> I can make a patch if there are no objections against it.
>
> I think the short answer is 'yes, we should let non-superusers do that',
> but the longer answer is:
>
> What level of access makes sense for managing subscriptions? Should
> there be a way to say "user X is allowed to create a subscription for
> remote system Y, but only for tables that exist in schema Q"?
>
> My general feeling is 'yes', though, of course, I don't want to say that
> we have to have all of that before we move forward with allowing
> non-superusers to create subscriptions, but I do think we want to make
> sure that we have a well thought-out path for how to get from where we
> are now to a system which has a lot more granularity, and to do our best
> to try avoiding any paths that might paint us into a corner.
>
> Thanks!
>
> Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Eisentraut | 2018-11-06 12:31:49 | Re: [HACKERS] generated columns |
Previous Message | Peter Eisentraut | 2018-11-06 12:27:16 | Re: [HACKERS] generated columns |