From: | Petr Jelinek <petr(dot)jelinek(at)2ndquadrant(dot)com> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: logical replication access control patches |
Date: | 2017-03-14 18:56:02 |
Message-ID: | 5d076065-1113-92fc-0bdb-7025ed46f74f@2ndquadrant.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 14/03/17 19:49, Petr Jelinek wrote:
> On 14/03/17 19:47, Robert Haas wrote:
>> On Tue, Mar 14, 2017 at 2:41 PM, Petr Jelinek
>> <petr(dot)jelinek(at)2ndquadrant(dot)com> wrote:
>>> My understanding of what Shephen is proposing is, you have "ownerA" of
>>> tableA and "ownerB" of tableB, then you want role "publishe"r to be able
>>> to publish those, so you simply grant it the "ownerA" and "ownerB"
>>> roles. Obviously that might is many situations mean that the "publisher"
>>> role potentially also gets sweeping privileges to other tables which may
>>> not be desirable.
>>
>> I didn't hear Stephen propose that "publish" should be a
>> role-attribute, and I don't understand why that would be a good idea.
>> Presumably, we don't want unprivileged users to be able to fire up
>> logical replication because that involves making connections to other
>> systems from the PostgreSQL operating system user's account, and that
>> should be a privileged operation. But that's the subscriber side, not
>> the publisher side.
>>
>> I don't otherwise follow Stephen's argument. It seems like he's
>> complaining that PUBLISH might give more access to the relation than
>> SELECT, but, uh, that's what granting additional privileges does in
>> general, by definition. Mostly we consider that a feature, not a bug.
>>
>
> Not what I mean - owner should be able to publish table. If you are
> granted role of the owner you can do what owner can no? That's how I
> understand Stephen's proposal.
>
Note that I am not necessarily saying it's better though, just trying to
explain. It definitely has drawbacks, as in order to grant publish on
one table you might be granting lots of privileges on various objects by
granting the role. So for granularity purposes Peter's PUBLISH privilege
for tables sounds better to me.
--
Petr Jelinek http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2017-03-14 18:56:26 | Re: Write Ahead Logging for Hash Indexes |
Previous Message | Andres Freund | 2017-03-14 18:50:45 | Re: WIP: Faster Expression Processing v4 |